[openssl-users] Renegotiation procedure (server side)

Judson Wilson wilson.judson at gmail.com
Sat Oct 31 04:41:13 UTC 2015


I have seen several sources suggest that the following pseudocode
procedure should force a renegotiation before proceeding:

SSL_renegotiate(...);
while(SSL_renegotiate_pending(...))
    SSL_do_handshake(...);

I am using non-blocking I/O, and have omitted error handling and any
lower-level I/O management from this example.

Calling this from the server, I see a Hello Request sent from the server to
the client, and a Client Hello sent from the client to the server. Then
nothing happens; the server does not respond.

I believe that SSL_do_handshake does nothing to handle the actual handshake
in this scenario. The code appears to be stuck in the loop.

What is the actual sequence of events, from an API user perspective, that
should result in a successful renegotiation?

I have a theory, but I'd like some untainted feedback. :)

Thanks