10.03.2015, 21:40, "Salz, Rich" <rsalz at akamai.com>:
> Yes.
> You probably need more than that. :) Take a look at the apps/s_client and look for the 'R' constant to see how to do client-initiated reneg.
I have took a look at the apps/s_client.
I see only several lines of code about renegotiation:
//...............
static int iiii;
if (++iiii == 52) {
SSL_renegotiate(con);
iiii = 0;
}
//...............
if ((!c_ign_eof) && (cbuf[0] == 'R')) {
BIO_printf(bio_err, "RENEGOTIATING\n");
SSL_renegotiate(con);
cbuf_len = 0;
}
//...............
So only one function is used: SSL_renegotiate
I also use it - but nothing happens or error:
OpenSSL error: 5044:error:140940F5:SSL routines:ssl3_read_bytes:unexpected record:.\ssl\s3_pkt.c:1611:
NO renegotioation!
More than that I tested s_client on several domains. I typed "R" after s_client was connected but got a error:
2992:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:.\ssl\s3_pkt.c:644: error in s_client
I also have took a look at the s_server and saw only one function: SSL_renegotiate that seems to be must make a renegotioation. I do some else in code but: NO renegotioation happens! Why?
Can anybody help and though explain about renegotiation at all? Maybe I don't know something...
When it can be used? Maybe it's disable by default for security reasons in OpenSSL?
There is a function SSL_get_secure_renegotiation_support. Seems to be renegotiation can be secure or no. Maybe something else....
But right now I want to perform ANY type of renegotiation )) Nothing happens or error...
Regards.
