[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken
Matt Caswell
matt at openssl.org
Fri Sep 25 10:37:47 UTC 2015
On 25/09/15 11:25, Hubert Kario via RT wrote:
>
> A Finished message is always sent immediately after a change
> cipher spec message to verify that the key exchange and
> authentication processes were successful.
This is perhaps the key statement. It could do with being more explicit
if the intent here is to disallow interleaved app data.
Matt
More information about the openssl-dev
mailing list