From 22c8911bf3f768931d93f599b0eb03882d1c78e3 Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien <mechiel@ueber.net>
Date: Wed, 6 Nov 2024 10:19:23 +0100
Subject: [PATCH] disable tls session tickets to workaround deliverability
 issues with incoming email from microsoft

for issue #237
---
 autotls/autotls.go | 1 +
 mox-/config.go     | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/autotls/autotls.go b/autotls/autotls.go
index 4bbc229356..77c7b15601 100644
--- a/autotls/autotls.go
+++ b/autotls/autotls.go
@@ -229,6 +229,7 @@ func (m *Manager) TLSConfig(fallbackHostname dns.Domain, fallbackNoSNI, fallback
 		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			return m.loggingGetCertificate(hello, fallbackHostname, fallbackNoSNI, fallbackUnknownSNI)
 		},
+		SessionTicketsDisabled: true,
 	}
 }
 
diff --git a/mox-/config.go b/mox-/config.go
index b94594c6f2..a238f0786b 100644
--- a/mox-/config.go
+++ b/mox-/config.go
@@ -1920,7 +1920,8 @@ func loadTLSKeyCerts(configFile, kind string, ctls *config.TLS) error {
 		certs = append(certs, cert)
 	}
 	ctls.Config = &tls.Config{
-		Certificates: certs,
+		Certificates:           certs,
+		SessionTicketsDisabled: true,
 	}
 	ctls.ConfigFallback = ctls.Config
 	return nil