Hello,

> I have an SSL server that uses OpenSSL 9.7e. It works fine initially
> but after a bit of load (like 200+ connections), lots of SSL handshake
> failures occur. The failure reason given is SSL_ERROR_SSL and the
> string received is
>
> error:140730FF:lib(20):func(115):reason(255):.\ssl\s23_srvr.c:227
>
> On looking in the openssl code, the error is
> SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
>
> This error is not coming for initial connections but after some time.
>
> I am not new'ing and deleting SSL objects but maintaining a pool of SSL
> objects that are reused after an SSL_clear call. Do we need to do
> anything else apart from SSL_clear before using SSL objects?
>
> I debugged more and it appears that when an SSL object is used for the
> first time, its variables "state" and "rstate" have values 24576 and 240.
> When I free this using SSL_free and SSL_new then again the state and
> rstate have the same values and there is no problem in SSL_accept.
>
> But when I try not to SSL_free the object and reuse it, then it's a
> problem. The state=8576 and rstate=240 and I got this error in the
> error string
> error:140730FF:lib(20):func(115):reason(255):.\ssl\s23_srvr.c:227
>
> Can someone please let me know why SSL_clear is not working or whether
> I am making some other mistake.

$ man SSL_clear
....
WARNINGS
       SSL_clear() resets the SSL object to allow for another connection.
       The reset operation however keeps several settings of the last
       sessions (some of these settings were made automatically during the
       last handshake). It only makes sense when opening a new session (or
       reusing an old one) with the same peer that shares these settings.
       SSL_clear() is not a short form for the sequence SSL_free(3);
       SSL_new(3);
....

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>