Hi,

While using openssl to test caching of session IDs, I noticed that the
session ID of SSLv2 is not being extracted out of the message correctly.

The spec (http://wp.netscape.com/eng/security/SSL_2.html) says that the
server_finished message is of the following format:

    char MSG-SERVER-FINISHED
    char SESSION-ID-DATA[N-1]

Where MSG-SERVER-FINISHED is specified as 0x06.

When I do

    $ openssl s_client -ssl2 -connect www.openssl.org:443

then openssl _always_ reports the session ID as starting with 0x06,
which is clearly not correct.

It would appear that the SSLv2 code is not correctly skipping over the
MSG-SERVER-FINISHED char.

Cheers

Crispin Flowerday

PS. Please CC any replies to me as I am not on the list.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
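
The message layout quoted in the report above, as an added example that is not part of the original post and is not OpenSSL's code. The helper name `extract_session_id`, its `skip_type` switch and the sample bytes are constructed for illustration; `skip_type = 0` only reproduces the reported symptom, and copying N-1 bytes in that case is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_SERVER_FINISHED 0x06 /* message type value given in the spec */

/* Constructed sample: type byte followed by a made-up 16-byte session ID. */
static const uint8_t sample_msg[17] = {
    MSG_SERVER_FINISHED,
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
    0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF
};

/* Hypothetical helper (not an OpenSSL function): copy SESSION-ID-DATA[N-1]
 * out of an N-byte SERVER-FINISHED message. skip_type = 1 follows the spec
 * layout; skip_type = 0 reproduces the reported symptom, where the type
 * byte is read as the first session ID byte (assumed: N-1 bytes copied).
 * Returns the session ID length, or -1 on a malformed message. */
int extract_session_id(const uint8_t *msg, size_t n, int skip_type,
                       uint8_t *sid, size_t sid_cap)
{
    if (msg == NULL || sid == NULL || n < 1)  /* need at least the type byte */
        return -1;
    if (msg[0] != MSG_SERVER_FINISHED)        /* not a SERVER-FINISHED message */
        return -1;
    size_t sid_len = n - 1;
    if (sid_len > sid_cap)                    /* never overrun the caller's buffer */
        return -1;
    memcpy(sid, msg + (skip_type ? 1 : 0), sid_len);
    return (int)sid_len;
}

static void print_sid(const char *label, const uint8_t *sid, int len)
{
    printf("%-10s", label);
    for (int i = 0; i < len; i++)
        printf("%02X", sid[i]);
    putchar('\n');
}

int main(void)
{
    uint8_t sid[32];
    int len = extract_session_id(sample_msg, sizeof sample_msg, 0, sid, sizeof sid);
    print_sid("symptom:", sid, len);   /* begins with 06, last ID byte is lost */
    len = extract_session_id(sample_msg, sizeof sample_msg, 1, sid, sizeof sid);
    print_sid("per spec:", sid, len);  /* begins with A0 */
    return 0;
}
```

Because the shifted ID keeps the same length and most of the same bytes, the error is easy to miss unless the first byte is compared against the message type value.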