HI! For security reasons I'm using env var SSL_SESSION_ID to cross-check the application's session ID with the SSL session ID in my web application. This works without any issues on my openSUSE boxes. Browser is Seamonkey 2.0.4.
But I have problems with Apache 2.2.3 shipped with Red Hat Enterprise Linux Server release 5.5 (Tikanga) Cery soon the SSL session seems to be renegotiated resulting in a new value in SSL_SESSION_ID Relevant settings for SSL session resumptions: SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 7200 Any hint? Were there relevant fixes to mod_ssl after release 2.2.3? Or maybe Red Hat backported patches against renegotiation attacks which cause the issue? Ciao, Michael. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majord...@modssl.org
