On Mon Dec 16 22:20:47 2013, rbar...@yahoo-inc.com wrote:
>
> Thank you Steve. Not sure how to proceed from here, is there more
> information from the core dumps which would be useful?
>

Yes, please print out the entire s->s3->handshake_dgst array instead of just
the first element. That is:

s->s3->handshake_dgst[0]
s->s3->handshake_dgst[1]
.. up to ...
s->s3->handshake_dgst[5]

> I suppose this could be an integration issue between traffic server and
> openssl, but I don't see how since we don't have any crash issues when
> SSL_OP_NO_TLSv1_2 is set in the call to SSL_CTX_set_options for the server
> ctx. Keep in mind that we could be dealing with a not-well-behaved or
> well intentioned client.
>

OpenSSL of course should not crash when presented with a broken or malicious
client.

Well if you have SSL_OP_NO_TLSv1_2 set then only the MD5+SHA1 digests in that
array are set. If however you use TLS v1.2 then others can be used too. So it's
possible that something is confusing that array initialisation using a TLS v1.2
client, but I'm not sure of the mechanism.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
