Hello, This is slightly off topic, but seems to be the best place for a good answer. I have been doing some research into secure random number generators and noticed that Netscape and Opera only send a 16 byte random value in their client hello message, while OpenSSL and IE 5 send the full 32 bytes. Then I noticed the SSL_OP_NETSCAPE_CHALLENGE_BUG flag in ssl23_client_hello(), which seems to make OpenSSL perform the same way as Netscape and Opera when set and a note in bugs/SSLv3 about Netscape-Commerce/1.12 only using 16 of the 32 bytes when using SSLv2. Does anyone know how widespread the SSLv2 server problem is? Is it only Commerce 1.12 that does this or are there others? I would appreciate any info you have on this. thanks, brian ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
