[openssl.org #274] session ID length bug (in 0.9.6g and 0.9.7beta3)

[Bodo Moeller via RT]

Sorry, the RFC 2246 quote was incorrect -- the value 16 is for
SSL 2.0 session IDs only, and the SSLeay/OpenSSL interpretation
indeed is buggy.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]