Mismatch between renegotiation reported vs functional

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

While trying to disable renegotiation the response from openssl reads "Secure Renegotiation IS supported" even though renegotiation is failing. 

OpenSSL Config: 
SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);


] $openssl s_client -connect localhost:443 -tls1_2
[SNIP]
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
[SNIP]
---
HEAD / HTTP/1.1
R
RENEGOTIATING
139845827855680:error:14094153:SSL routines:ssl3_read_bytes:no renegotiation:../ssl/record/rec_layer_s3.c:1560:

This article refers to this same problem with some screen shots under section "Eliminating a false positive": 

https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/

Thanks! 
--
Shaun Robbins
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux