This bug is not platform specific. Some proxies, such as nginx, implement custom session caches via the OpenSSL callback APIs. This implementation makes use of the i2d_SSL_SESSION API to copy the session into a contiguous block of memory. When the next session matches, the cache calls d2i_SSL_SESSION to transform the block of memory back into a session object, which it then returns to OpenSSL. However, the session's compress_meth is not persisted by i2d_SSL_SESSION, so if the compress_meth is non-zero, it is not properly restored. The SSL connection then fails with an 'error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression' on the client side.

Sean Cunningham
MANDIANT
Software Engineer
675 North Washington Street, Suite 210
Alexandria, VA 22314
703.683.3141 t
703.683.2891 f
sean.cunning...@mandiant.com
www.mandiant.com

OpenSSL Project, Development Mailing List (openssl-dev@openssl.org), http://www.openssl.org
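
The round trip described in the report, as a self-contained C model added here for illustration; it is not code from OpenSSL, nginx or the original post. The `toy_*` names, the struct layout and the blob format are assumptions, and the guarded insert shows one cache-side check: refuse to store a session whose compression method the encoding cannot restore.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy stand-in for a TLS session (assumption; not OpenSSL's SSL_SESSION). */
typedef struct {
    uint8_t id[4];
    uint8_t master_key[8];
    int compress_meth;            /* 0 = none, non-zero = negotiated method */
} toy_session;

#define TOY_BLOB_LEN 12           /* id + master_key; compress_meth is absent */
typedef struct { uint8_t blob[TOY_BLOB_LEN]; int used; } toy_slot;

/* Encoder modelled on the report: compress_meth is never written out. */
static size_t toy_i2d(const toy_session *s, uint8_t *out) {
    memcpy(out, s->id, 4);
    memcpy(out + 4, s->master_key, 8);
    return TOY_BLOB_LEN;
}

/* Decoder: any field missing from the blob comes back as zero. */
static int toy_d2i(toy_session *s, const uint8_t *in, size_t len) {
    if (len != TOY_BLOB_LEN) return 0;
    memset(s, 0, sizeof *s);
    memcpy(s->id, in, 4);
    memcpy(s->master_key, in + 4, 8);
    return 1;
}

/* Does a session with this compress_meth survive encode + decode intact? */
int roundtrip_preserves_compression(int compress_meth) {
    toy_session in = { {1, 2, 3, 4}, {9, 9, 9, 9, 9, 9, 9, 9}, compress_meth }, out;
    uint8_t buf[TOY_BLOB_LEN];
    if (!toy_d2i(&out, buf, toy_i2d(&in, buf))) return 0;
    return out.compress_meth == in.compress_meth;
}

/* Guarded insert: store only sessions the encoding can restore faithfully.
 * Returning 0 means "not cached", so the next connection does a full handshake. */
int cache_store_checked(toy_slot *slot, const toy_session *s) {
    toy_session back;
    uint8_t buf[TOY_BLOB_LEN];
    if (!toy_d2i(&back, buf, toy_i2d(s, buf))) return 0;
    if (back.compress_meth != s->compress_meth) return 0;
    memcpy(slot->blob, buf, TOY_BLOB_LEN);
    slot->used = 1;
    return 1;
}
```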