RFC 5077 section 3.3 says:
If the server determines that it does not want to include a
ticket after it has included the SessionTicket extension in the
ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.
However an OpenSSL 1.0.1 client will
RFC 4492 says:
A client that receives a ServerHello message containing a Supported
Point Formats Extension MUST respect the server's choice of point
formats during the handshake (cf. Sections 5.6 and 5.7). If no
Supported Point Formats Extension is received with the ServerHello,
Here's a WAG: ldd the test binaries on the FC2 box -- it's possible they ended
up getting linked with the FC2 OpenSSL libs.
If that's not it, I'm out of ideas. :)
-Jack
On Wed, Oct 27, 2004 at 02:57:08PM +0200, Andreas M. Kirchwitz via RT wrote:
Hi OpenSSL team!
I downloaded the new
Summary: Threaded applications using the AEP engine break badly on Linux.
The AEP engine has the following code to see if the application has forked, and
if so, shutdown and reinitialize the library (in aep_get_connection,
crypto/engine/hw_aep.c):
/*Check if this is the first time this
for this fix.
[[EMAIL PROTECTED] - Thu Nov 14 19:05:29 2002]:
In message [EMAIL PROTECTED] on Thu, 14 Nov
2002 18:54:21 +0100 (MET), Jack Lloyd via RT [EMAIL PROTECTED] said:
rt Looks like the 1.1 TLS draft spec uses the same wording. Perhaps
someone
rt should contact the TLS WG and ask
On Thu, 14 Nov 2002, Richard Levitte via RT wrote:
Can it be shown that this is a problem at a TLS level? I'd hate to
make the proposed change just to discover that it breaks
interoperability with other TLS clients and servers.
RFC 2246 is very vague:
8.1.2. Diffie-Hellman
A
Hi,
It seems that DH_compute_key is slightly incompatable with PKCS #3, if the
derived secret z is too small. In particular, section 8.3 of PKCS #3
Integer-to-octet-string conversion, specifies that that output of the
operation should be exactly k bytes long (where k is the number of bytes in
