httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
Date Thu, 22 Oct 2009 17:07:27 GMT
Kamesh Jayachandran wrote:
> On 10/22/2009 05:24 PM, Dr Stephen Henson wrote:
>> That's due to the function pointer issues which gcc 4.2 and later
>> doesn't like:
>> this was fixed in newer versions of OpenSSL.
> Is there any switch we can pass to gcc 4.2 to compile and make it work
> properly.

No. If you really want to use 0.9.8b it needs an older version of gcc or you can
backport the fixes.

They are rather extensive but mainly contained in:


OpenSSL 0.9.8b doesn't use TLS extensions at all.

>> Do you need TLS extensions on the client/server? If not try compiling
>> OpenSSL
>> with no-tlsext.
> May not be possible as *client* builds are not in our control.
> I believe no-tlsext does *not* disable TLS functionality itself.

The no-tlsext option disables TLS extension functionality. If that works on the
server side then an alternative workaround could be found.

>> Did you say what version of OpenSSL the failing client was using on
>> Windows?
> It happens with openssl-0.9.8j on client openssl-0.9.8k on server

Hmm... could be 0.9.8j sending bad data with invalid extension syntax under rare

A packet sniffer or logging the errant extensions received by OpenSSL could help
trace this further.

Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute:
OpenSSL Core team:

View raw message