On Wed, Sep 18, 2002 at 09:09:41AM +0200, Steve Haslam via RT wrote:
> On Wed, Sep 18, 2002 at 02:58:53AM +0100, Steve Haslam wrote:
> > So, according to ssldump, the "cipherSuite" entry in the ServerHello is the
> > same the second time round. Is it a problem that the client seems to be in
> > "read server hello B" state twice?
> >
> > OK, can anyone advise me? Is ssldump really useful for debugging or is there
> > something I can do with the ssl libs to show more debugging info? I'm using
> > OpenSSL 0.9.6g (from the Debian package) on both machines.
>
> Addendum: I added
>
> fprintf(stderr, "SSL DEBUG HACK: s->hit=%d, c=%p (%s), s->session->cipher=%p (%s)\n",
>         s->hit, c, SSL_CIPHER_get_name(c), s->session->cipher,
>         SSL_CIPHER_get_name(s->session->cipher));
>
> to s3_clnt.c at line 704, and it output this:
>
> SSL DEBUG HACK: s->hit=1, c=0x815217c (EDH-DSS-DES-CBC3-SHA), s->session->cipher=(nil) ((NONE))
>
> maybe there's a problem with deserialising the session?

Yes. When the session is reloaded from the external cache not all pointers
are set up. I discussed these problems in private mail with Mike Benham one
month ago and during this discussion he found this problem. At this time I
added it to my personal TODO list but did not create a ticket for it, as I
thought that I would find time to handle it earlier. This time I have
bounced your report into RT2.

Workaround: the problem does not appear when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, which is part of
SSL_OP_ALL (see "man SSL_CTX_set_options"). As most applications enable
SSL_OP_ALL, the problem was not discovered until now, even though it must
be pretty old.

Best regards,
	Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
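
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL source: a session restored from an external cache carries its cipher id but not the cipher pointer, so a pointer comparison against the cipher named in the ServerHello fails on resumption. All type and function names, the record layout and the sample cipher table are assumptions made for this model.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model, not OpenSSL source; every name here is hypothetical. */
typedef struct { unsigned long id; const char *name; } cipher_t;
typedef struct { unsigned long cipher_id; const cipher_t *cipher; } session_t;
static const cipher_t CIPHERS[] = {      /* constructed sample table */
    { 0x13UL, "EDH-DSS-DES-CBC3-SHA" },
    { 0x0AUL, "DES-CBC3-SHA" },
};

static const cipher_t *cipher_by_id(unsigned long id) {
    for (size_t i = 0; i < sizeof CIPHERS / sizeof CIPHERS[0]; i++)
        if (CIPHERS[i].id == id) return &CIPHERS[i];
    return NULL;
}

/* External cache record: only the id survives; a pointer would not. */
static void session_store(const session_t *s, unsigned char *out) {
    memcpy(out, &s->cipher_id, sizeof s->cipher_id);
}

/* Incomplete load: the id is restored, the pointer is left unset. */
static session_t session_load_incomplete(const unsigned char *in) {
    session_t s = { 0, NULL };
    memcpy(&s.cipher_id, in, sizeof s.cipher_id);
    return s;
}

/* Complete load: re-derive the pointer from the restored id. */
static session_t session_load_complete(const unsigned char *in) {
    session_t s = session_load_incomplete(in);
    s.cipher = cipher_by_id(s.cipher_id);
    return s;
}

/* Resumption check; `tolerate` models the workaround option. */
static int resume_ok(const session_t *s, const cipher_t *hello, int tolerate) {
    return s->cipher == hello || tolerate;
}

int main(void) {
    unsigned char rec[sizeof(unsigned long)];
    session_t live = { 0x13UL, cipher_by_id(0x13UL) };
    session_store(&live, rec);
    session_t bad = session_load_incomplete(rec), good = session_load_complete(rec);
    printf("incomplete: %d, tolerated: %d, complete: %d\n", resume_ok(&bad, live.cipher, 0),
           resume_ok(&bad, live.cipher, 1), resume_ok(&good, live.cipher, 0));
    return 0;
}
```

In this model the tolerant setting lets resumption through without the pointer ever being restored, which matches the reply's remark that applications enabling SSL_OP_ALL never saw the problem.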