
Enable TLS 1.3 session resumption for Dovecot

Open link2xt opened this issue 1 year ago • 3 comments

TLS 1.3 session resumption can be tested by running openssl s_client -connect c2.testrun.org:443 -tls1_3 -sess_out sess.pem followed by openssl s_client -connect c2.testrun.org:443 -tls1_3 -sess_in sess.pem

On the first run you should see New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384, but on a second run Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384. However, the second connection also shows "New" even though the server issues two tickets on the first connection, as can be seen from the two lines Post-Handshake New Session Ticket arrived:.

With Postfix, session resumption works, but Postfix (port 465) issues only one ticket and only if resumption was not used: https://github.com/deltachat/chatmail/issues/456 An established session can even be reused on port 587 with -starttls smtp and vice versa. The pre_shared_key (41) extension is not encrypted and is visible in Wireshark in the Server Hello message.

nginx sends two tickets if the session is not resumed and one ticket if the session is resumed.

But with Dovecot on port 993, the second run results in New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384.

link2xt, Nov 09 '24 18:11
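The two-step s_client test described in the issue above, wrapped in a script. This is an added example, not part of the original issue or of the chatmail code; the function names, the `sleep 2 |` stdin handling and the sample transcript are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: automate the New/Reused check done by hand with openssl s_client.

# Read s_client output on stdin and print "<New|Reused|unknown> tickets=<n>".
summarize_handshake() {
    awk '
        /^(New|Reused), TLSv1\.3, Cipher is / && state == "" {
            state = $1; sub(/,$/, "", state)
        }
        /^Post-Handshake New Session Ticket arrived:/ { tickets++ }
        END { printf "%s tickets=%d\n", (state == "" ? "unknown" : state), tickets }
    '
}

# Usage: check_resumption host:port [extra s_client options, e.g. -starttls smtp]
# Returns 0 only if the second connection reports "Reused".
check_resumption() {
    target=$1; shift
    sess=$(mktemp) || return 2
    # Assumption: "sleep 2 |" holds stdin open so the post-handshake tickets
    # are read (and written to $sess) before s_client sees EOF and exits.
    first=$(sleep 2 | openssl s_client -connect "$target" -tls1_3 "$@" \
                -sess_out "$sess" 2>/dev/null | summarize_handshake)
    second=$(sleep 2 | openssl s_client -connect "$target" -tls1_3 "$@" \
                -sess_in "$sess" 2>/dev/null | summarize_handshake)
    rm -f "$sess"
    echo "first:  $first"
    echo "second: $second"
    case $second in Reused*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample of a first-run transcript (not captured from a real server).
sample_first_run() {
    printf '%s\n' \
        'New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384' \
        '---' \
        'Post-Handshake New Session Ticket arrived:' \
        'SSL-Session:' \
        '---' \
        'Post-Handshake New Session Ticket arrived:' \
        'SSL-Session:'
}

sample_first_run | summarize_handshake
```

Calling `check_resumption c2.testrun.org:993` after sourcing the script runs both connections and exits non-zero when the second one is not resumed; a failed handshake is reported as `unknown`.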

imap.fastmail.com:993, disroot.org:993, riseup.net:993, imap.migadu.com:993 do not support it, imap.gmail.com:993 supports it.

link2xt, Nov 09 '24 22:11

We should probably move TLS to nginx, then Dovecot does not need to manage TLS anymore and session resumption will work just like for HTTPS: https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html

EDIT: However, terminating TLS early at nginx has its advantages, but makes it impossible to use TLS channel bindings. If we want to deploy better authentication than PLAIN like SCRAM, terminating TLS early will prevent this.

link2xt, Jan 13 '25 20:01

In Debian, according to nginx -V, nginx is compiled with --with-mail_ssl_module and --with-mail=dynamic, so if we install libnginx-mod-mail, mail proxying should work with TLS.

link2xt, Jan 13 '25 21:01