The error the client is receiving is a handshake error 40 (0x28). The error description generated in the Apache error log is: Library Error: 336117909 error:1408C095:lib(20):func(140):reason(149) lib 20: SSL Library func 140: EC_F_EC_GROUP_GET_FINISHED reason 149: SSL_R_DIGEST_CHECK_FAILED
..and is generated after the server receives the client response to the ServerHello with certificate. The client response consists of a: - ClientKeyExchange - ChangeCipherSpec - EncryptedHandshake
For this packet in question.
This does *not* happen against a 0.9.6-based mod_ssl of the same version of Apache.
Now, my questions.
1 - Has anyone seen this specific error before in an implementation? (SSL_R_DIGEST_CHECK_FAILED)?
2 - Is there a way to narrow down whether this error
is caused by the ClientKeyExchange or the EncryptedHandshake?
Any information would be appreciated. We're frankly scratching our heads as to where this problem is coming from.
-- Ken Snider
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
