Bug 43644

Summary: OpenSSL 0.9.8f causes "unusably short session_id provided" errors
Product: Apache httpd-2 Reporter: Tom Donovan <Tom.Donovan>
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal Keywords: ErrorMessage
Priority: P2    
Version: 2.2.6   
Target Milestone: ---   
Hardware: All   
OS: other   

Description Tom Donovan 2007-10-17 09:25:31 UTC 
Using OpenSSL version 0.9.8f (released 11-Oct-2007) causes each new SSL session
to log:

[Wed Oct 17 12:11:39 2007] [error] unusably short session_id provided (0 bytes)

This is not really an Apache bug. It is OpenSSL bug 1591:
 http://rt.openssl.org/Ticket/Display.html?id=1591&user=guest&pass=guest

Noted here because this causes excessive error log entries when OpenSSL 0.9.8f
is used with Apache.
Comment 1 Tom Donovan 2007-10-19 06:54:26 UTC 
OpenSSL 0.9.8g has been released 19-Oct-2007 which corrects this bug.