[PERDITION-USERS] Thunderbird 3.1 SSL/TLS Renegotiation

Hi List, I've just searched the July 2010 Archives [1] for a problem with Mozilla Thunderbird 3.1 and a TLS connection to Perdition, but am still missing a solution. After connecting to Perdition, Thunderbird 3.1 emits warnings like: Looking into the perdition logs reveals: The same when running perdition in debug mode: I think the "no shared ciphers" is misleading here, it's the first message that looks b0rked: This could be related to the SSL/TLS renegotiation [2] done by the recent Mozilla stack because of CVE-2009-3555, as pointed to by Thierry Hotelier some days ago [3]. There is another mail by Giorgio Paolucci [4] indicating a problem with the ssl/tls session caching (which really matches the error message). Too bad the proposed fix (patch?) did not end up in the mailing list archive. Could someone (Georgio?) please re-post this patch inline so others will find it without being subscribed? After a quick search on openssl-users it looks like this can be fixed using SSL_CTX_set_session_id_context. Any news on this? Thanks. [1] http://lists.vergenet.net/pipermail/perdition-users/2010-July/thread.html [2] https://wiki.mozilla.org/Security:Renegotiation [3] http://lists.vergenet.net/pipermail/perdition-users/2010-July/002336.html [4] http://lists.vergenet.net/pipermail/perdition-users/2010-July/002341.html