On Wed, Sep 18, 2002 at 09:18:22AM +0200, Lutz Jaenicke via RT wrote: > > On Wed, Sep 18, 2002 at 09:09:41AM +0200, Steve Haslam via RT wrote: > > SSL DEBUG HACK: s->hit=1, c=0x815217c (EDH-DSS-DES-CBC3-SHA), > > s->session->cipher=(nil) ((NONE)) > > > > maybe there's a problem with deserialising the session? > > Yes. When the session is reloaded from the external cache not all pointers > are set up. I discussed these problems in private mail with Mike Benham > one month ago and during this discussion he found this problem. > At this time I added it to my personal TODO list but did not create a > ticket for it, as I thought that I would find time to handle it earlier. > > This time I have bounced your report into RT2.
OK, thank you. I didn't know about the OpenSSL RT, but I do now... > Workaround: the problem is does not appear, when > SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, which is part of > SSL_OP_ALL (see "man SSL_CTX_set_options"). As most applications enable > SSL_OP_ALL, the problem was not discovered until now, even though it > must be pretty old. Is enabling SSL_OP_ALL a good idea? I must admit, I hadn't noticed it in any code I was cribbing from. But this is a better workaround than mine (write the cipher id into a buffer and read it with ssl->method->get_cipher_by_char()) SRH -- Steve Haslam Reading, UK [EMAIL PROTECTED] Debian GNU/Linux Maintainer [EMAIL PROTECTED] but I won't admit to needing you I'll never say that's true, not to you [sister machine gun] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
