netscape hangs before validating client certificate

[Demos]

Running Netscape 4.5, 4.74 the browser hangs when accessing an SSL
enabled site and attempting Handshake. This only happens on the first
attempt of client authentication with the server and if the user reloads
the page Netscape wakes up and finishes the SSL handshake and everything
is fine. Also, this seems to be related to the "Ask Everytime" value
set for the user certificates in security info. Client does not want
users to have to change their security preferences in the browser nor
does the client want the user to have to reload the page when the
browser hangs. The Web server is running iAS 1.0 using mod_ssl.

[Dr S N Henson]

This is due to what I believe is a bug in Netscape where it has problems
with client authentication before the user has entered the password the
first time. If you manually login or have already logged in for some
reason it shouldn't happen.

Which version of OpenSSL are you using? OpenSSL 0.9.5 had a work around
for this and it should no longer happen.

Check the CHANGES file and bugs/SSLv3 files in OpenSSL 0.9.5 or later
for a more complete description.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: she...@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: d...@celocom.com PGP key: via homepage.