Did you say what version of OpenSSL the failing client was using on Windows?It happens with openssl-0.9.8j on client openssl-0.9.8k on serverHmm... could be 0.9.8j sending bad data with invalid extension syntax under rare circumstances. A packet sniffer or logging the errant extensions received by OpenSSL could help trace this further.
Find the tcpdump while this failure occurs at http://www.livecipher.com/tlsext_dump/tlsext.dmp
Thanks with regards Kamesh Jayachandran
