Eh, all that stuff was unhelpful in my situation (but then again, all the regulars on the mailing list know I'm an idiot by now, so here's a disclaimer: the following are merely the ravings of a madman and you will probably melt your server and be fired if you follow them). Here's what worked, on Linux 2.2.8, on a dual PII, for us -- not expiring the shmem cache: SSLSessionCacheTimeout 86400 and adding the following to root's crontab: 0 3 * * * /opt/www/sbin/apachectl graceful >&/dev/null; YES, IT'S BUTT UGLY. However, the server no longer crashes and I don't get erroneous "client certificate missing" error messages from clients who have valid certs. The main reason we are using SSL is for client-side authentication; we do not deal in volume. HOWEVER, I am aware that this is an ugly fix, and useless for higher-volume sites. Sorry. Feel free to flame me as necessary. I am not 100% sure of the ramifications of this hack. -- "When it is not necessary to make a decision, it is necessary not to make a decision." --Lord Falkland ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]