Kamesh Jayachandran wrote: > >>That is most peculiar. The server is sending back a zero length session > ID in >>the server hello which it shouldn't be doing if tickets are disabled. > >>Is the server somehow using an older version of OpenSSL? There has been > a bug >in >>the past which might do that but it was fixed well before 0.9.8k. > > Server uses openssl-0.9.8k. >
Do you have session caching disabled in the server configuration, either accidentally or deliberately? That seems to me to be the only thing that fits the tcpdump you sent. If so please turn session caching on and try the SSL_OP_NO_TICKET patch again. Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org
