We are using a wildcard certificate requiring SNI and are also requiring client certificate authentication. Our TLS 1.2 client is seeing a ChangeCipherspec record with length 30 bytes (x19) instead of the expected 0x01. The broken ChangeCipherspec record looks like this (hex) *14 03 03 00 01 19*. Is this a problem with the TLS 1.2 client, or a problem with the OpenSSL 1.0.2d patch (for CVE-2015-1793)? Thanks, Paul Hebert/State University of New York -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150806/39449ec9/attachment.html>