Hello All, I am using openssl 0.9.8r on one Linux box (BoxA) communicating with another Linux box running openssl 1.0.0e (BoxB).
There are certain curl uploads that need to occur from BoxA --> BoxB. Usually we don't have any problems. But in a simulated environment, where there could be significant delay/latency (~2 to 3 seconds) in traffic between BoxA and BoxB, we are seeing that the curl operations are not completing as expected. Curl is sending the HTTP-100 message, in the middle of TLS Re-Negotiation, and causing BoxB to send a Fatal Alert and closing the connection. According to the TLS spec, apparently, the TLS implementation should simply ignore those unexpected messages and continue with re-negotiation?? Upon digging some openssl bug reports, we came across these two Bug Tickets. And looks like they were never addressed ? http://rt.openssl.org/Ticket/Display.html?id=2146&user=guest&pass=guest http://rt.openssl.org/Ticket/Display.html?id=2481&user=guest&pass=guest Just was trying to find out if the openssl community ever addressed this "bug" ? If so what openssl version(s) have a fix for this? Any additional information related to the bug mentioned above would be greatly appreciated. Thanks, -Rezaul.
