Shibboleth Developers

[Kaspar Brand <>]

>> With the s_client commannd (from a "stock"
>> 0.9.8j version), you could also try "-no_ticket" and see if that helps
>> (will disable one of the TLS extensions, which might be the culprit here).
> 
> Yep. That appears to fix it (just from s_client of course).
> 
> I don't know if there's any way to get libcurl to match that option's
> behavior.

Upgrade to HEAD, yes :-) See the (recent) commit for r1.215:

  http://cool.haxx.se/cvs.cgi/curl/lib/ssluse.c

They now disable the ticket extension by default (through OpenSSL's
SSL_OP_NO_TICKET option).

Kaspar