X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=bugs%2FSSLv3;h=a75a1652d953db0c8f7c2fc0a72681649afde6d8;hp=2e22a65cddc7fc2117e7e1241f1c2fe9048d560a;hb=32b1843ec608f156e2910dd807dcf1960ff9502d;hpb=b7896b3cb86d80206af14a14d69b0717786f2729;ds=inline diff --git a/bugs/SSLv3 b/bugs/SSLv3 index 2e22a65cdd..a75a1652d9 100644 --- a/bugs/SSLv3 +++ b/bugs/SSLv3 @@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when doing a re-connect, always takes the first cipher in the cipher list. If we accept a netscape connection, demand a client cert, have a -non-self-sighed CA which does not have it's CA in netscape, and the +non-self-signed CA which does not have it's CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta Netscape browsers do not really notice the server sending a @@ -39,3 +39,11 @@ SSL_shutdown() and still sharing the socket with its parent). Netscape, when using export ciphers, will accept a 1024 bit temporary RSA key. It is supposed to only accept 512. + +If Netscape connects to a server which requests a client certificate +it will frequently hang after the user has selected one and never +complete the connection. Hitting "Stop" and reload fixes this and +all subsequent connections work fine. This appears to be because +Netscape wont read any new records in when it is awaiting a server +done message at this point. The fix is to send the certificate request +and server done messages in one record.
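Review bot: In the first hunk (@@ -29,7 +29,7 @@), the corrected line still reads "which does not have it's CA in netscape"; the possessive should be "its", and since this line is already being changed for the "sighed" to "signed" fix, it is worth correcting in the same commit. The sentence is also hard to parse as written (a CA "which does not have it's CA in netscape"), so consider rewording it to make clear which CA certificate the browser lacks.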
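Review bot: In the second hunk (@@ -39,3 +39,11 @@), the new paragraph ends with "The fix is to send the certificate request and server done messages in one record" but does not say where that fix lives. This diff touches only bugs/SSLv3, so a reader cannot tell from the note which code implements the workaround or whether it is always active; naming the function or option would make the entry actionable. The entry also gives no affected Netscape versions, unlike the earlier client-certificate entry ("Works for 3.x and 4.xbeta"), and "wont" should be "won't".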