<div dir="ltr"><div>While trying to disable renegotiation the response from openssl reads "Secure Renegotiation IS supported" even though renegotiation is failing. </div><div><br></div><div>OpenSSL Config: </div><div>SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);<br></div><div><br></div><div><br></div><div>] $openssl s_client -connect localhost:443 -tls1_2</div><div>[SNIP]</div>New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384<br>Server public key is 2048 bit<br><b>Secure Renegotiation IS supported<br></b>Compression: NONE<br>Expansion: NONE<br>No ALPN negotiated<br>SSL-Session:<br>[SNIP]<div>---<br>HEAD / HTTP/1.1<br>R<br>RENEGOTIATING<br>139845827855680:error:14094153:SSL routines:ssl3_read_bytes:no renegotiation:../ssl/record/rec_layer_s3.c:1560:<br clear="all"><div><br></div><div>This article refers to this same problem with some screen shots under section "Eliminating a false positive": </div><div><br></div><div><div><a href="https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/" target="_blank">https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/</a></div></div><div><br></div>Thanks! <br><div dir="ltr"><div dir="ltr">--<div>Shaun Robbins</div></div></div></div></div>