Hi Holger,
sounds like a tricky issue ...
a few questions here:
- has the Windows 7 box all the latest patches from MS?
- any reason not to use openssl1.0.1e?
- any "security" software ("suites", software firewalls, anti-virus)
which may intercept the SSL/TLS session (basically: do you see your
real certificate in the browser or do you see a certificate of a
"security product")?
- could you reproduce this with a self-signed certificate you *don't* use
in production (so that the private key can be disclosed for
troubleshooting), tcpdump the ssl session and provide the capture,
including the private server certificate?
Thanks,
Lukas
