Server Initiated Renegotiation with TLS 1.2 using OpenSSL 3.0

Manish Patidar mann.patidar at gmail.com
Wed Dec 13 11:28:19 UTC 2023


Hi,


We are running an OpenSSL-based web server and using Chrome/Firefox as the
web client.

We need to implement server-initiated renegotiation for client certificate
verification.

We were earlier using OpenSSL 1.0.2 and TLS 1.2 and were able to do the
renegotiation using the below code sequence:

   1. SSL_renegotiate
   2. SSL_do_handshake
   3. SSL_set_state(ssl, SSL_ST_ACCEPT)
   4. SSL_do_handshake
   5. SSL_get_peer_certificate

Using the above code sequence, we are successfully able to complete the
handshake after the renegotiation and verify the client certificate.



We are currently migrating to OpenSSL 3.0.8.

In the migration guide or the OpenSSL documentation, we couldn't find any
replacement for the *SSL_set_state* API.



However, we updated our code as below and got the renegotiation working for
TLS 1.2 with Chrome and Microsoft Edge:

   1. SSL_renegotiate
   2. SSL_do_handshake
   3. SSL_read
   4. SSL_get_peer_certificate

However, with the same code sequence, the handshake fails in the case of
Mozilla Firefox.



On debugging using SSL_trace, we found that in the case of Firefox, the client
(browser) sends an Alert message 21 after sending a ClientKeyExchange
message.



We have the below queries:

   1. What is the correct code sequence to implement server-initiated
   renegotiation for client certificate verification using OpenSSL 3.0.8
   with TLS 1.2?
   2. What is the replacement for the *SSL_set_state(ssl, SSL_ST_ACCEPT)*
   API in OpenSSL 3.0.8, or how can we set the state to *SSL_ST_ACCEPT*?
   3. How do we do server-initiated renegotiation for client certificate
   verification using OpenSSL 3.0.8?


Regards
Manish