This SSLeay/OpenSSL behaviour appears to be correct; from RFC 2246:
session_id_length
This field must have a value of either zero or 16. If zero, the
client is creating a new session. If 16, the session_id field
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
