[levitte - Fri Nov 15 00:46:03 2002]:
> This ticket looks resolved, so I'll mark it as such.
No, it is not resolved. There is a reliable workaround
(REUSE_CIPHER_CHANGE_BUG). As this is part of OP_ALL, the problem can
only arise for those few applications not enabling the default
workarounds. The correct solution is either to change the check or to
set session->cipher in d2i_SSL_SESSION().
I will fix it over the weekend.
Reopening,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
