We have a client using openssl 0.9.6, which, when hitting our mod_ssl server compiled against 0.9.6 works fine (as expected).

However, said same client hitting a 0.9.7-based mod_ssl results in a failure on SSL Session renegotiation if, and only if, the SSL Session has expired from the cache.

I've ruled out Apache as the culprit, as the OpenSSL error we receive is specific to the client handshake:

> [Sun Dec 14 21:05:53 2003] [error] SSL handshake failed (server
> <redacted>:443, client <redacted>)
> [Sun Dec 14 21:05:53 2003] [error] SSL Library Error: 336117909
> error:1408C095:lib(20):func(140):reason(149)

Library 20 is the SSL Library (as expected).
Function 140: EC_F_EC_GROUP_GET_FINISHED
Reason 149: SSL_R_DIGEST_CHECK_FAILED

My first instinct is they're munging the message in a way that openssl 0.9.6 used to allow but future versions (being more compliant) do not. The handshake is also being initiated on a client that does not monotonically increase the time as reported in the SSL Handshake. While this wasn't an issue under 0.9.6, might this be an issue under 0.9.7 (and more specifically, would it cause this error?)

Thanks in advance for any ideas on where to look. :)

--
Ken Snider

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
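
The lib/func/reason breakdown in the post can be reproduced from the decimal "SSL Library Error" value. The following is an added example, not part of the original message: it unpacks the code using the error-code layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason) and checks it against the hex line mod_ssl logs next to it. The helper names and the sample log (modelled on the excerpt above) are constructed for this example.

```python
import re

# Constructed sample modelled on the log excerpt in the post (hosts stay redacted).
SAMPLE_LOG = """\
[Sun Dec 14 21:05:53 2003] [error] SSL handshake failed (server <redacted>:443, client <redacted>)
[Sun Dec 14 21:05:53 2003] [error] SSL Library Error: 336117909
error:1408C095:lib(20):func(140):reason(149)
"""

DEC_RE = re.compile(r"SSL Library Error: (\d+)")
HEX_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):lib\((\d+)\):func\((\d+)\):reason\((\d+)\)"
)


def unpack(code):
    """Split a packed error code (pre-3.0 OpenSSL layout):
    bits 24-31 library, bits 12-23 function, bits 0-11 reason."""
    return {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
    }


def decode_log(text):
    """Return one record per 'SSL Library Error' entry. 'consistent' is True
    when the hex detail that follows agrees with the decimal code, False when
    it does not, and None when no hex detail was found."""
    records = []
    pending = None
    for line in text.splitlines():
        dec = DEC_RE.search(line)
        if dec:
            code = int(dec.group(1))
            pending = {"code": code, **unpack(code), "consistent": None}
            records.append(pending)
        detail = HEX_RE.search(line)  # may sit on the same or the next line
        if detail and pending is not None:
            printed = dict(zip(("lib", "func", "reason"),
                               map(int, detail.group(2, 3, 4))))
            pending["consistent"] = (
                int(detail.group(1), 16) == pending["code"]
                and all(pending[k] == v for k, v in printed.items())
            )
            pending = None
    return records
```

Running `decode_log` over a server's error log groups handshake failures by (lib, func, reason), which makes it easy to see whether every failure after session-cache expiry carries the same reason code.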
