Yeah, get rid of RSAREF.
What I'd really like to see is the ability to compile OpenSSL with RSA's
BSAFE Crypto-C toolkit right out of the box. You can do it with 0.9.5a if
you apply a patch you'll find at http://www.lymeware.com/download_fw.html.
Why not use the ciphers in OpenSSL? Because I liv
Mathew,
Sounds like certificate problems. I've set up the nsopenssl module for
AOLserver to do what you're trying to do, so I know that at least OpenSSL
0.9.5a works ok in this regard. I've taken the Dept of Defense root CA and
second level CA and made them available to the web server for verifyi
I'm using OpenSSL 0.9.5a.
The behavior:
1. First hit from browser: session id is
generated
and stored in
cache.
2. Second hit: session id is found in the
cache
and used as
expected.
3. Third hit: session id is found, but *not*
used;
a new session id is created
and store
