See documentation.
Following are some common errors to watch out for:


IO::Socket::SSL doesn't work together with Storable::fd_retrieve|fd_store, see
https://rt.cpan.org/Ticket/Display.html?id=23419.
You need to use freeze/nfreeze/thaw and syswrite/sysread the data
yourself. See the bug for examples of how to do it.

---------------------

If you get an SSL connection but no certificate you might check
the cipher with Net::SSLeay::get_cipher( $socket->_get_ssl_object ).
If it is something like 'ADH-AES256-SHA' you should try to disable
ADH in your cipherlist, e.g. set SSL_cipherlist to 'ALL:!ADH'
or just leave it empty so that it uses the openssl default,
which does not include ADH.

---------------------

There is a problem with openssl versions 0.9.8a and 0.9.8b, see
http://marc.theaimsgroup.com/?l=openssl-dev&m=113550694922967&w=2
The bug was fixed in newer releases, but if you are forced to use
these buggy versions you should apply a patch to Net::SSLeay 1.30,
see http://rt.cpan.org/Public/Bug/Display.html?id=22910.

---------------------

IO::Socket::SSL does not currently support using both IPv4 and IPv6 in
the same program. For a quick workaround, copy the module 'SSL.pm' to
another named 'SSL6.pm' and adjust the package declaration
accordingly. Support for this feature is planned in the next release.

---------------------

If you plan on having IO::Socket::SSL sockets auto-close themselves
when they go out of scope (like LWP::UserAgent expects), you will
need to get Scalar::Util or WeakRef from CPAN (Scalar::Util comes
standard with Perl 5.8.0 and above). This is because the self-tying
mechanism that IO::Socket::SSL uses to appear simultaneously as an
object and a glob reference only works if a circular reference is
used.

---------------------

Note that a random number generator is required for the proper
operation of this module. Systems that have /dev/random or
/dev/urandom are fine, but those that do not, like most versions
of Solaris, will need to fetch one before installing IO::Socket::SSL.
If you don't already have a favorite, try EGD (egd.sourceforge.net).

---------------------

Versions of perl-ldap below v0.26 do not work with this version
of IO::Socket::SSL because they contain a workaround for old
versions of IO::Socket::SSL that breaks new versions.

---------------------

Note that when writing a preforking server (a server that accepts a
connection and then hands it off to a child for processing), it is
best to handle SSL negotiation after the socket has been passed to
the child (using socket_to_SSL()). If implemented so that the server
handles negotiation, a failed negotiation may tie up the server until
the connection times out.

---------------------

One user mentioned that the following did not work as it should in
IO::Socket::SSL, but worked in IO::Socket::INET:

    chomp($var = <$socket>);
    print ord(chop($var)); # Prints "10" for people using ASCII

This is due to a bug in Perl that is fixed in 5.8.1. If you need
a workaround, try one of the following:

    chomp($var = $socket->getline());
    chomp($var = scalar <$socket>);
    chomp($var = $var = <$socket>);

Any function that returns the value of <$socket> (in scalar context)
unchanged will work.

---------------------

If you have 384-bit RSA keys you need to use Diffie-Hellman key exchange.
See the parameter SSL_dh_file or SSL_dh for how to use it and
http://groups.google.de/group/mailing.openssl.users/msg/d60330cfa7a6034b
for an explanation of why you need it.

--
Peter Behroozi (behrooz at fas.harvard.edu)
Steffen Ullrich (Steffen_Ullrich at genua.de)
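
---------------------

Added example for the preforking-server note above (not part of the original notes or of the IO::Socket::SSL distribution): the parent only accepts plain TCP connections and each child performs the SSL negotiation itself, so a stalled handshake blocks one child instead of the accept loop. It assumes a current IO::Socket::SSL, where the upgrade call is start_SSL() (the successor to socket_to_SSL()) and honors Timeout on blocking sockets; the address, port, PEM file names and timeout value are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;    # exports $SSL_ERROR

# Assumed values, not from the notes above: address, port, PEM paths, timeout.
my %tls = (
    SSL_server    => 1,
    SSL_cert_file => 'server-cert.pem',
    SSL_key_file  => 'server-key.pem',
    Timeout       => 10,    # upper bound for the handshake in the child
);

my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 8443,
    Listen    => 128,
    ReuseAddr => 1,
) or die "cannot listen: $!";

$SIG{CHLD} = 'IGNORE';      # let the kernel reap finished children

while (1) {
    # Parent: plain TCP accept only, so it never waits on a handshake.
    my $client = $listener->accept or next;

    my $pid = fork();
    if (!defined $pid) { warn "fork failed: $!"; close $client; next; }
    if ($pid)          { close $client; next; }   # parent returns to accept()

    # Child: a stalled or failed negotiation ties up this process only.
    close $listener;
    my $ssl = IO::Socket::SSL->start_SSL($client, %tls);
    if (!$ssl) {
        warn "handshake failed: $SSL_ERROR\n";
        exit 1;
    }
    my $line = $ssl->getline();                   # read one request line
    print $ssl "got: $line" if defined $line;
    $ssl->close;
    exit 0;
}
```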