On Fri, Sep 17, 2004 at 12:39:23AM +0200, Frédéric Giudicelli wrote:
> Jacques A. Vidrine wrote:
>> Thanks! What did you use for this test? If you are using OpenSSL,
>> did the client do SSL_get_session and SSL_set_session? I'm assuming
>> that the handshake completed because your second connection used the
>> previously generated master_secret.
>
> You're right, when I unset the master key, the connection fails!

Oh good, then the behavior is as expected.

> But there is still a question I wonder about, how come when
> SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is set, the list of acceptable
> ciphers is ignored?
> If I did set ALL:!NULL, do I really want the user to be allowed to
> specify RSA-NULL as the new cipher?

Actually, I am not familiar with the history, but I assume that it is
required to work around quirks in some version of Netscape. Maybe
someone else will be able to tell us more.

Cheers,
--
Jacques A Vidrine / NTT/Verio
[EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]