nginx IMAP proxy SSL problems in 0.6.31

Rob Mueller robm at fastmail.fm
Wed May 21 04:53:20 MSD 2008


This is more of an FYI for anyone using nginx for IMAP proxying.

We have been using 0.5.36 for ages, but decided the other day to upgrade to 
0.6.31. At first everything seemed to work just fine. However I noticed that 
when you sent an email via Outlook Express, it would fail to upload the 
email to the Sent Items folder on the IMAP server, and report an error about 
the server terminating the connection. Everything else seemed to be fine 
though.

After a bunch of digging about in SSL source, it seemed that the problem was 
actually Outlook Express disconnecting during the SSL handshake phase. After 
some suggestions from Igor, it was thought that maybe a change between 0.5 
and 0.6 series where the SSL session cache was disabled unless explicitly 
enabled might be the problem.

Some testing seems to show that that is the problem.

By default, 0.6.31 explicitly disables the SSL cache (SSL_SESS_CACHE_OFF, 
see http://marc.info/?t=120127289900027&r=1&w=2 for why) unless you add a 
ssl_session_cache line (see 
http://wiki.codemongers.com/NginxMailSslModule#ssl_session_cache for 
details)

It seems that there's some interaction between OpenSSL and Outlook Express 
that one of them doesn't like. Adding any sort of session cache seems to fix 
the problem. (Even if it's only a local one in a multi-process model, which 
in theory should not necessarily help at all)

Rob






More information about the nginx mailing list