On Sun, 24 Jan 2010 15:12:40 +0100, "Dr. Stephen Henson" <st...@openssl.org> wrote: > I've traced the cause this was *fun*. The full story is in: > > http://cvs.openssl.org/chngview?cn=19145 > > This is a case of a bug in OpenSSL (PR#1949) being fixed but a related bug in > Apache still existing in older versions. > > The clue to this was that the hello request message was never sent back to the > client. As a result it never initiated the renegotiation handsgake and > appeared > to refuse the renegotiation request (which we regard as a fatal error) and > that was the result. > > The above patch should address this, if you trace the reference in PR#1949 > you'll also see and Apache only fix for this.
Steve, Thanks very much for the prompt diagnosis and fix! Michael
pgpo0dBv6EjOg.pgp
Description: PGP signature
