hi,
I've wrote here some days ago:
http://marc.info/?l=apache-httpd-users&m=123979308812574&w=2
I've digged the issue:
Note from CHANGES of openssl 0.9.8f:
*) In the SSL/TLS server implementation, be strict about session ID
context matching (which matters if an application uses a single
hi,
Is it a bug ?
This is scenarion for CentOS 5.3 (apache 2.2.3 + openssl-0.9.8e)
1. Simple httpd.conf (nothing special) + ssl part, selfsigned certs + CA:
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLSessionCache shmcb:/var/cache/mod_ssl/ssl_scache