Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0 adjustments, I get
error:14180044:SSL routines:tls_post_process_client_key_exchange:internal error The error is triggered in tls_post_process_client_key_exchange() file ssl/statem/statem_srvr.c which checks s->s3->handshake_buffer against NULL: 2631 if (!s->s3->handshake_buffer) { 2632 SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, 2633 ERR_R_INTERNAL_ERROR); 2634 ossl_statem_set_error(s); 2635 return WORK_ERROR; 2636 } Running the test, the handshake_buffer gets set in ssl3_init_finished_mac(), then cleared in tls_post_process_client_hello() which calls ssl3_digest_cached_records() with "keep" equals 0. This resets the handshake_buffer to NULL. Then later tls1_generate_master_secret() again calls ssl3_digest_cached_records() with keep set to 1 (but the handshake_buffer is already NULL and stays like that) and finally tls_post_process_client_key_exchange() throws the error because the handshake_buffer is NULL. The message sequence was: server Loop: SSLv3/TLS write hello request client Loop: SSLv3/TLS write client hello server Loop: SSLv3/TLS read client hello server Loop: SSLv3/TLS write server hello server Loop: SSLv3/TLS write certificate server Loop: SSLv3/TLS write key exchange server Loop: SSLv3/TLS write server done client Loop: SSLv3/TLS write client hello client Loop: SSLv3/TLS read server hello client Loop: SSLv3/TLS read server certificate client Loop: SSLv3/TLS read server key exchange client Loop: SSLv3/TLS read server done client Loop: SSLv3/TLS write client certificate client Loop: SSLv3/TLS write client key exchange client Loop: SSLv3/TLS write certificate verify client Loop: SSLv3/TLS write change cipher spec client Loop: SSLv3/TLS write finished server Loop: SSLv3/TLS write server done server Loop: SSLv3/TLS read client certificate server error:14180044:SSL routines:tls_post_process_client_key_exchange:internal error Regards, Rainer -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4329 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev