Kamesh Jayachandran wrote: > >>Do you have session caching disabled in the server configuration, either >>accidentally or deliberately? That seems to me to be the only thing > that fits >>the tcpdump you sent. > >>If so please turn session caching on and try the SSL_OP_NO_TICKET patch > again. > > I am away from the test setup. Should be able to do this only on coming > Monday. >
OK, will be interested to know if that works. Based on my analysis the latest snapshots of OpenSSL should fix this properly but that is a client side fix. Server side disabling tickets and making sure the session cache is enabled should be a usable workaround. Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org