-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,

We have a server with openssl0.9.8b (debianized) that shows a repeating log
message saying:

Aug 15 22:29:21 www squid[20079]: fwdNegotiateSSL: Error negotiating SSL
connection on FD 31: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest
check failed (1/0/0)
Aug 15 22:29:21 www squid[20079]: TCP connection to 127.0.0.1/443 failed

The "digest check failed" comes back a couple of times per day, sometimes a
few of these messages in a row, sometimes there's none empty for a few hours.

The thing is, this is Squid + openssl connecting to the same machine, with
the same library. So:

So one single machine runs:
squid + openssl 0.9.8b --------- openssl 0.9.8b apache2

Now we are fully aware of the sillyness of running OpenSSL on a connection
to 127.0.0.1 - due to a 3rd party application oddity we have to.

We already have (or have had):
different (older) versions of OpenSSL. Same error. Different machines. Same
error. Different Apache2 (same error). The errors first came up after the
migration from Websphere 4 to Websphere 5.

The point is: we just don't know where to look next and we are starting to
think of a bug somewhere, hence this mail to OpenSSL-dev.

- - what is the cause of "digest check failed"?
- - how could that - possibly - happen on one machine?
- - what should we do, what should we test next?

Best regards,

Valentijn Sessink
- --
http://www.openoffice.nl/ Open Office - Linux Office Solutions
Valentijn Sessink v.sessink@openoffice.nl +31(0)20-4214059
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD4DBQFE4y9GTRf3oaxjt6kRAqqzAJ9HUrwKgh1sjPUnIKMCoQ eZKNA7VACWIvV5
ltRwz2hJL9bzCbsFcpPvkg==
=v7s5
-----END PGP SIGNATURE-----
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org