[openssl-users] How to make a rehandshake(renegotiation)?

Serj Rakitov rasjv at yandex.com
Wed Mar 11 16:02:30 UTC 2015

10.03.2015, 21:40, "Salz, Rich" <rsalz at akamai.com>:
> Yes.
> You probably need more than that. :) Take a look at the apps/s_client and look for the 'R' constant to see how to do client-initiated reneg.

I have took a look at the apps/s_client.
I see only several lines of code about renegotiation:
                static int iiii;
                if (++iiii == 52) {
                    iiii = 0;
            if ((!c_ign_eof) && (cbuf[0] == 'R')) {
                BIO_printf(bio_err, "RENEGOTIATING\n");
                cbuf_len = 0;

So only one function is used: SSL_renegotiate
I also use it - but nothing happens or error:

OpenSSL error: 5044:error:140940F5:SSL routines:ssl3_read_bytes:unexpected record:.\ssl\s3_pkt.c:1611:

NO renegotioation!

More than that I tested s_client on several domains. I typed "R" after s_client was connected but got a error:

2992:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:.\ssl\s3_pkt.c:644: error in s_client

I also have took a look at the s_server and saw only one function: SSL_renegotiate that seems to be must make a renegotioation. I do some else in code but:  NO renegotioation happens! Why?

Can anybody help and though explain about renegotiation at all? Maybe I don't know something...
When it can be used? Maybe it's disable by default for security reasons in OpenSSL? 
There is a function SSL_get_secure_renegotiation_support. Seems to be renegotiation can be secure or no. Maybe something else.... 

But right now I want to perform ANY type of renegotiation )) Nothing happens or error...


More information about the openssl-users mailing list