Hi Kaspar, I am away from the test environment right now, Will get back in next 13 hours.
With regards Kamesh Jayachandran -----Original Message----- From: Kaspar Brand [mailto:httpd-dev.2...@velox.ch] Sent: Sun 10/25/2009 9:21 PM To: dev@httpd.apache.org Subject: Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12 Dr Stephen Henson wrote: > Disabling tickets using SSL_OP_NO_TICKET server side SHOULD work too (does in > my > tests) so I've no idea why that wouldn't in the OPs setup unless the patch > doesn't set it in all contexts. Try placing it right after any call to > SSL_CTX_new(). I'm still a bit puzzled as to why my previously posted patch does not turn off TLS session tickets... there's only one place in mod_ssl where a new context is created, and in my tests, SSL_OP_NO_TICKET was reliably applied (i.e., I didn't see any session tickets on the wire). Maybe there's another issue if tickets are turned off? Kamesh, could you apply the attached patch, for diagnostic purposes (in addition to mod_ssl-disable_tls_tickets.diff), and let us know what "options=" values you see in your ErrorLog? Note that you don't have to increase Apache's LogLevel, the options for any new SSL connection will be logged with "warn" already. Also, it would be helpful to have another capture (with mod_ssl patched like this) where the svn client still fails with a "parse tlsext" error. Thanks. Kaspar
