[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

[Salz, Rich]

> AFAICT if SSL_read returns between the first handshake and the second, you
> don't get the problem.

I think it should not matter when or what SSL_read returns.  That should only be returning application-level data to the caller.  All state manipulations, etc., should be done underneath and completely hidden.  So yes, I vote for fixing.