James K Hendrix <[EMAIL PROTECTED]>:
> I am fairly new to OpenSSL programming, so let me describe my problem
> in detail first. I have a program which uses OpenSSL 0.9.3a to
> connect to a HTTPS server.
Let me guess, a Netscape server?
[...]
> create SSL session (SSL_new)
> while (not done) {
>     create a new socket
>     bind SSL session to socket (SSL_set_fd)
>     perform SSL negotiation (SSL_connect)
>     read/write data
>     close socket
> }
> I'm getting an error during the second pass of the while loop:
> 85494:error:140920C5:SSL routines:SSL3_GET_SERVER_HELLO:old session
> cipher not returned:s3_clnt.c:635:
[...]
> The interesting thing is that I do not get this
> error at all when connecting to a different server (both hardware and
> software) [...]
> Any ideas on how to fix this? Is it as simple as setting a
> configuration flag in the context or session, [...]
Yes, it appears to be; and the above error message pointed you to the
place in the source code where you can point the name of the flag: You
should know that 635 is the line number inside the s3_clnt.c file.
There you can find that the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
disables the check that leads to the above message. You can use
SSL_CTX_set_options(ctx, SSL_blah_blah_BUG) to set that option (in
case you want to set other options too, OR them together).
> or should I re-create the context and session during each pass of
> the while loop?
Instead of doing this (I think you mean "re-create the SSL", not
the SSL_CTX), you could call SSL_set_session(ssl, NULL) after each
iteration. But it would disable sessions completely, which is bad
for performance -- use the workaround option instead.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
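
Added example (not part of the original thread and not OpenSSL code): a small C parser for the error-queue line quoted above, showing how it yields the source location the reply refers to (s3_clnt.c, line 635) together with the numeric library, function and reason codes packed into 140920C5. The struct, the function names and the 8/12/12-bit code layout (as used by OpenSSL releases before 3.0) are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Error line quoted in the post, rejoined onto one line. */
static const char SAMPLE[] = "85494:error:140920C5:SSL routines:"
    "SSL3_GET_SERVER_HELLO:old session cipher not returned:s3_clnt.c:635:";

struct ossl_err {
    unsigned long id, code;       /* reporting process/thread id, packed code */
    int lib, func, reason, line;  /* unpacked code parts; line within file */
    char lib_name[32], func_name[48], reason_text[96], file[48];
};

/* Copy the next ':'-delimited field into dst and advance *p; 0 on success. */
static int field(const char **p, char *dst, size_t cap) {
    const char *end = strchr(*p, ':');
    size_t n = end ? (size_t)(end - *p) : strlen(*p);
    if (n >= cap) return -1;          /* field too long for its buffer */
    memcpy(dst, *p, n);
    dst[n] = '\0';
    *p = end ? end + 1 : *p + n;
    return 0;
}

/* Parse "id:error:CODE:lib:func:reason:file:line:"; 0 on success, -1 if malformed. */
int parse_ossl_error(const char *s, struct ossl_err *e) {
    char id[24], tag[8], hex[20], ln[12], *a, *b, *c;
#define F(buf) field(&s, (buf), sizeof (buf))
    if (F(id) || F(tag) || F(hex) || F(e->lib_name) || F(e->func_name) ||
        F(e->reason_text) || F(e->file) || F(ln))
        return -1;
    if (strcmp(tag, "error") != 0 || !*id || !*hex || !*ln) return -1;
    e->id = strtoul(id, &a, 10);
    e->code = strtoul(hex, &b, 16);
    e->line = (int)strtol(ln, &c, 10);
    if (*a || *b || *c) return -1;    /* trailing junk in a numeric field */
    /* Assumed pre-3.0 ERR_PACK layout: 8-bit lib, 12-bit func, 12-bit reason. */
    e->lib = (int)((e->code >> 24) & 0xff);
    e->func = (int)((e->code >> 12) & 0xfff);
    e->reason = (int)(e->code & 0xfff);
    return 0;
}

int main(void) {
    struct ossl_err e;
    if (parse_ossl_error(SAMPLE, &e) != 0) return 1;
    printf("%s:%d lib=%d func=%d reason=%d\n", e.file, e.line, e.lib, e.func, e.reason);
    return 0;
}
```

When the located check turns out to be guarded by a workaround option such as SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, keep in mind that later OpenSSL releases turned that option into a no-op, because skipping the check lets the cipher suite of a resumed session be changed.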