The change introduced in OpenSSL 0.9.6d to prevent attacks on CBC ciphers with known IVs seems to break compatibility. Several discussions on the list and discussions I had in private email indicate, that compatibility problems arise from this change. It should be discussed, whether there is another way to circumvent the problem (probably not), whether the problem is that dangerous that the compatibility problems are acceptable with respect to the risk, or whether the change should be reverted until an "official" solution in the TLS specification is made.
This problem also applies to the 0.9.7 and later versions. Best regards, Lutz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]