I've got a bug report that my MTA fails from time to time during the TLS handshake with the following error:

    4476:error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized:ssl_sess.c:413

(OpenSSL 0.9.8m and 1.0.0.Beta5)

The MTA tries to turn off the session cache using SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); however, that does not seem to be sufficient.

I looked at the OpenSSL source code: ssl_get_prev_session() and according to my reading and some debug output that I added it seems it is not obeying the SSL_SESS_CACHE_OFF setting.

After tls1_process_ticket() I get:

    ssl_get_prev_session, tlsext, r=1, mode=0

then

    if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)

is taken:

    ssl_get_prev_session, mode=1, VRFY=1

and the invocation fails:

    8288:error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized:ssl_sess.c:535

Should SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) be sufficient to turn off the session cache? It seems more is necessary, e.g., SSL_CTX_set_session_id_context() at least? If so, can that be documented please?