Bug 43644 - OpenSSL 0.9.8f causes "unusably short session_id provided" errors
Summary: OpenSSL 0.9.8f causes "unusably short session_id provided" errors
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.2.6
Hardware: All other
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: ErrorMessage
Depends on:
Blocks:
 
Reported: 2007-10-17 09:25 UTC by Tom Donovan
Modified: 2007-10-19 06:54 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tom Donovan 2007-10-17 09:25:31 UTC
Using OpenSSL version 0.9.8f (released 11-Oct-2007) causes each new SSL session
to log:

[Wed Oct 17 12:11:39 2007] [error] unusably short session_id provided (0 bytes)

This is not really an Apache bug. It is OpenSSL bug 1591:
 http://rt.openssl.org/Ticket/Display.html?id=1591&user=guest&pass=guest

Noted here because this causes excessive error log entries when OpenSSL 0.9.8f
is used with Apache.
Comment 1 Tom Donovan 2007-10-19 06:54:26 UTC
OpenSSL 0.9.8g has been released 19-Oct-2007 which corrects this bug.