[openssl-users] How to make a rehandshake(renegotiation)?

Serj Rakitov rasjv at yandex.com
Thu Mar 12 15:15:07 UTC 2015


Hi,

I managed to do a renegotiation.
My mistake was that I started renegotiation when not all data had been received or sent.
Probably there was a situation when not all packets (records) were processed and I got an error: unexpected record or bad length.

Really, only one function, SSL_renegotiate, and the flag SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION are quite enough. It seems that all the others were for old OpenSSL versions.

Only one question remains, and it's the opposite of the first one: if I don't want to use renegotiation at all, how do I disable it?
I see that insecure renegotiation can be disabled by:
SSL_CTX_clear_options(ctx,SSL_OP_LEGACY_SERVER_CONNECT)
that is enabled by default. 

But what about secure renegotiation? Is it possible to disable it entirely for client and server, so that the server rejects requests for secure renegotiation from the client and the client rejects requests for secure renegotiation from the server?

Regards.

