A serious regression was introduced in 1.0.1d that corrupts the data stream under certain circumstances.
Firefox requests to an Apache server running on Linux/X86_64 with OpenSSL-1.0.1d result in "501 Server Error" responses. OpenSSL versions 1.0.1c and earlier are not affected. i686 (32 bit) versions are also not affected. An excerpt from the Apache log with 1.0.1c, showing correct behavior: 10.1.2.3 - - [05/Feb/2013:23:06:59 -0500] "GET / HTTP/1.1" 200 203 "-" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0" 10.1.2.3 - - [05/Feb/2013:23:30:39 -0500] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0" An excerpt from the Apache log with 1.0.1d, clearly showing the invalid request: 10.1.2.3 - - [05/Feb/2013:22:47:02 -0500] "G\xedET / HTTP/1.1" 501 932 "-" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0" 10.1.2.3 - - [05/Feb/2013:23:04:03 -0500] "G<ET / HTTP/1.1" 501 932 "-" "Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0" A look at the ssl-request log from Apache is also interesting, as Firefox sees corruption (first log line) but Links (text-based web browser, second log line) does not. This hints at it being cipher-specific: 10.1.2.3 TLSv1 ECDHE-RSA-AES256-SHA "G\xedET / HTTP/1.1" 932 10.1.2.3 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 203 I haven't had a chance (yet?) to bisect the code to find the culprit, but I can take a stab at it if a developer doesn't know off the top of their head just where it might be. The OS here is Slackware-64. Compiler is gcc-4.7.2, binutils 2.23.51.0.6, glibc 2.15. A portion of the output of configure is: Configuring for linux-x86_64 no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir) no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-md2 [default] OPENSSL_NO_MD2 (skip dir) no-sctp [default] OPENSSL_NO_SCTP (skip dir) no-store [experimental] OPENSSL_NO_STORE (skip dir) IsMK1MF=0 CC =gcc CFLAG =-fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM EX_LIBS =-ldl CPUID_OBJ =x86_64cpuid.o BN_ASM =x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o DES_ENC =des_enc.o fcrypt_b.o AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o BF_ENC =bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM =md5-x86_64.o SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o RMD160_OBJ_ASM= CMLL_ENC =cmll-x86_64.o cmll_misc.o MODES_OBJ =ghash-x86_64.o ENGINES_OBJ = PROCESSOR = RANLIB =/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl SIXTY_FOUR_BIT_LONG mode DES_UNROLL used DES_INT used RC4_CHUNK is unsigned long Best regards, Kris Karas ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org