Using OpenSSL version 0.9.8f (released 11-Oct-2007) causes each new SSL session to log: [Wed Oct 17 12:11:39 2007] [error] unusably short session_id provided (0 bytes) This is not really an Apache bug. It is OpenSSL bug 1591: http://rt.openssl.org/Ticket/Display.html?id=1591&user=guest&pass=guest Noted here because this causes excessive error log entries when OpenSSL 0.9.8f is used with Apache.
OpenSSL 0.9.8g has been released 19-Oct-2007 which corrects this bug.