How to make a rehandshake(renegotiation)?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



10.03.2015, 21:40, "Salz, Rich" <rsalz at akamai.com>:
> Yes.
> You probably need more than that. :) Take a look at the apps/s_client and look for the 'R' constant to see how to do client-initiated reneg.

I have took a look at the apps/s_client.
I see only several lines of code about renegotiation:
//...............
                static int iiii;
                if (++iiii == 52) {
                    SSL_renegotiate(con);
                    iiii = 0;
                }
//...............
            if ((!c_ign_eof) && (cbuf[0] == 'R')) {
                BIO_printf(bio_err, "RENEGOTIATING\n");
                SSL_renegotiate(con);
                cbuf_len = 0;
            }
//...............

So only one function is used: SSL_renegotiate
I also use it - but nothing happens or error:

OpenSSL error: 5044:error:140940F5:SSL routines:ssl3_read_bytes:unexpected record:.\ssl\s3_pkt.c:1611:

NO renegotioation!

More than that I tested s_client on several domains. I typed "R" after s_client was connected but got a error:

2992:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:.\ssl\s3_pkt.c:644: error in s_client

I also have took a look at the s_server and saw only one function: SSL_renegotiate that seems to be must make a renegotioation. I do some else in code but:  NO renegotioation happens! Why?

Can anybody help and though explain about renegotiation at all? Maybe I don't know something...
When it can be used? Maybe it's disable by default for security reasons in OpenSSL? 
There is a function SSL_get_secure_renegotiation_support. Seems to be renegotiation can be secure or no. Maybe something else.... 

But right now I want to perform ANY type of renegotiation )) Nothing happens or error...


Regards.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux