Viktor Dukhovni

@dudebout, are you still interested in getting this done, or should I take over at some point?

> No time constraint at least to me! Same here, just did not want to simply ignore this forever. You can take some more time, but I may beat you...

Technical nit: Postfix does not respond to `ClientHello` messages, OpenSSL does. That aside, you've not been very specific in your error report: * Is the client offering TLS 1.3 in...

FWIW, in my tests of TLS 1.2 with both OpenSSL 1.1.1 and 3.0, when the Postfix SMTP server accepts a session ticket, it echoes back the corresponding session id. Otherwise,...

You can send me the PCAP files by email. I'd want to see some evidence that the session id is relevant. For example a successful session from a Java client...

I would have expected your OpenSSL3.0 stack to ACK the client`s: ``` Extension: ec_point_formats (len=2) Type: ec_point_formats (11) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1)...

I'm unable to reproduce the reported behaviour with a TLS 1.2 client that does not offer session ticket support. In that case I see the server return a fresh session...

The *successful* handshake is with a different client, that offered more `ec_point_formats` than just `uncompressed`. The server's list has to be a subset of the client's list. You don't appear...

You can `trim` a PCAP file by selecting only traffic with a given client source port: ``` # tcpdump -r /src/file.pcap -s0 -w /dst/file.pcap tcp port 12345 ``` To see...

As I thought might be the case, the problem is not the Server Hello as such, but rather the next server message, which on the one hand suggests session resumption...