On Wed, Sep 18, 2002 at 09:09:41AM +0200, Steve Haslam via RT wrote:
>
> On Wed, Sep 18, 2002 at 02:58:53AM +0100, Steve Haslam wrote:
> > So, according to ssldump, the "cipherSuite" entry in the ServerHello is the
> > same the second time round. Is it a problem that the client seems to be in
> > "read server hello B" state twice?
> >
> > OK, can anyone advise me? Is ssldump really useful for debugging or is there
> > something I can do with the ssl libs to show more debugging info? I'm using
> > OpenSSL 0.9.6g (from the Debian package) on both machines.
>
> Addendum: I added
>
> fprintf(stderr, "SSL DEBUG HACK: s->hit=%d, c=%p (%s), s->session->cipher=%p (%s)\n",
>         s->hit, c, SSL_CIPHER_get_name(c), s->session->cipher,
>         SSL_CIPHER_get_name(s->session->cipher));
>
> to s3_clnt.c at line 704, and it output this:
>
> SSL DEBUG HACK: s->hit=1, c=0x815217c (EDH-DSS-DES-CBC3-SHA),
> s->session->cipher=(nil) ((NONE))
>
> maybe there's a problem with deserialising the session?

Yes. When the session is reloaded from the external cache not all pointers
are set up. I discussed these problems in private mail with Mike Benham
one month ago and during this discussion he found this problem.

At this time I added it to my personal TODO list but did not create a
ticket for it, as I thought that I would find time to handle it earlier.
This time I have bounced your report into RT2.

Workaround: the problem does not appear when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, which is part of
SSL_OP_ALL (see "man SSL_CTX_set_options"). As most applications enable
SSL_OP_ALL, the problem was not discovered until now, even though it
must be pretty old.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]