Yes - the patch at http://cvs.openssl.org/chngview?cn=16691 corrects the problem.
Tested with Apache 2.2.6 on Windows and Debian 4.0. -tom- Stephen Henson via RT wrote: > The code was changed when TLS ticket support was added. In that case a > zero length session ID can result in a resumed session based on the > ticket. It didn't catch the case where ticket resumtion failed and the > session legth was zero. > > This patch should fix it: > > http://cvs.openssl.org/chngview?cn=16691 > > Steve. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
