[[EMAIL PROTECTED] - Wed Dec  4 09:59:14 2002]:  
  
> Hi,  
>   
> While using openssl to test caching of session id's, I noticed that the
> session id of SSLv2 is not being extracted out of the message correctly.
>   
> The spec (http://wp.netscape.com/eng/security/SSL_2.html) says that the
> server_finished message is of the following format:
>   
>     char MSG-SERVER-FINISHED  
>     char SESSION-ID-DATA[N-1]  
>   
> Where MSG-SERVER-FINISHED is specified as 0x06.  
>   
> When I do  
>   
> $ openssl s_client -ssl2 -connect www.openssl.org:443  
>   
> then the openssl _always_ reports the session id as starting with 0x06,
> which is clearly not correct.
>   
> It would appear that the SSLv2 code is not correctly skipping over the
> MSG-SERVER-FINISHED char.
  
Thanks. Your analysis is correct. I have just checked in an according  
patch, resolving the ticket.  
  
Best regards,  
        Lutz  
  
  
  
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
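
The parsing issue discussed in this thread, as an added example that is not OpenSSL's code and not part of the original messages: a server_finished parser that skips the MSG-SERVER-FINISHED byte, next to a hypothetical faulty one that reproduces the reported symptom. The function names, the MAX_SID_LEN cap, the rejection of an empty id, and the sample message are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MSG_SERVER_FINISHED 0x06  /* message type byte, value from the report */
#define MAX_SID_LEN 32            /* assumption: buffer cap for this example */

/* Hypothetical faulty parser: copies N-1 bytes starting at the type byte,
 * so the id begins with 0x06 and the last id byte is dropped. */
static int parse_finished_faulty(const unsigned char *msg, size_t n,
                                 unsigned char *sid, size_t *sid_len)
{
    if (msg == NULL || n < 2 || n - 1 > MAX_SID_LEN)
        return -1;
    memcpy(sid, msg, n - 1);
    *sid_len = n - 1;
    return 0;
}

/* Corrected parser: checks the type byte, then copies SESSION-ID-DATA[N-1]
 * from offset 1. An empty id (N == 1) is rejected in this example. */
static int parse_finished(const unsigned char *msg, size_t n,
                          unsigned char *sid, size_t *sid_len)
{
    if (msg == NULL || n < 2 || n - 1 > MAX_SID_LEN)
        return -1;
    if (msg[0] != MSG_SERVER_FINISHED)
        return -1;
    memcpy(sid, msg + 1, n - 1);
    *sid_len = n - 1;
    return 0;
}

int main(void)
{
    /* Constructed message: type byte followed by a 4-byte session id. */
    const unsigned char msg[] = { 0x06, 0xAA, 0xBB, 0xCC, 0xDD };
    unsigned char sid[MAX_SID_LEN];
    size_t len = 0, i;

    if (parse_finished_faulty(msg, sizeof msg, sid, &len) == 0)
        printf("faulty id starts with 0x%02X\n", sid[0]);
    if (parse_finished(msg, sizeof msg, sid, &len) == 0) {
        printf("correct id:");
        for (i = 0; i < len; i++) printf(" %02X", sid[i]);
        printf("\n");
    }
    return 0;
}
```

A session id that differs from what the server issued will not match on resumption, which is why the offset matters when testing session caching.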

