Hello Again: Having done a top level rebuild the problem I described earlier went away. I'm now back to the real issue of why B_DecryptFinal() would return an invalid data error (0x20c) when decrypting data encrypted by a PKCS11 token? This occurs during the key exchange handshake in SSL3 when a weak crypto client talks to a strong crypto server. The decryption works when using software signing and the token is able to decrypt data sent to it from the browser (e.g. when talking strong to strong where the handshake is not executed), so I'm pretty sure the problem is specific to the decryption of hardware encrypted data. I'd further speculate that the problem is something to to with some an incompatable data encoding but then I don't see why the token would be able to decrypt client encrypted data. The key type is RSA and the mechanism is CKM_RSA_PKCS. The problem occurs with both Chrysalis and nCipher tokens on NT and Solaris. Any solution pointers are greatly appreciated. TIA, Eric Gilbertson [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]