Matt Caswell
> openssl dgst -hmac "$FIPS_KEY_STRING" -hex -c -sha256 "$FRAMEWORK_BINARY"

I believe the "-hmac" option takes the passed key directly and uses it, i.e. the string is used rather than the...
There are several CLA issues remaining. There appear to be multiple different author email addresses in use in this PR. We have a "Michael Krueger" in our cla db and...
OpenSSL is failing to find a mutually supported protocol version. The ClientHello is only offering a maximum of TLSv1.0 which is very old. What protocol versions are enabled in your...
How do you create your `SSL_CTX` and how do you enable the protocol versions? (BTW: You certainly do not support SSLv2 since OpenSSL 1.1.1 does not support it. SSLv3 support...
I suspect a configuration problem somewhere which means that TLSv1.0 is not actually available in your server. But, unfortunately I'm not familiar with Ruby or EventMachine to provide specific advice...
> I instrumented the code in hope to find "the" culprit and found something like 80 calls to any flavor of pthread_rwlock_*() in a single accept/get/response/close cycle!

@wtarreau - I...
> But I think I will eventually again relatively soon, so as time permits I'll try to collect more info.

The other thing to bear in mind is that there...
> SSL_set_fd(ssl, socket); // socket is the existing connection

If I understand you correctly you have an existing TLS connection on an fd and you are trying to set it...
> It is OK to do SSL_renegotiate and SSL_do_handshake on that old SSL. There are Encrypted Handshake Messages.

Yes. That is expected and the way renegotiation works. A new handshake...
> CI is relevant

Fixup pushed.