[stunnel-users] SSL renegotiation patch

• Previous message (by thread): [stunnel-users] SSL renegotiation patch
• Next message (by thread): [stunnel-users] [patch] options-related-to-TLS-v1.1-v1.2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2012/9/19 Henrik Riomar <henrik.riomar at gmail.com>:
> OK, I tried with gnutls-cli-debug -p 1443 127.0.0.1
>
> ...snip...
> Checking for Safe renegotiation support... yes
> Checking for Safe renegotiation support (SCSV)... yes
> ...snip...
>
> The above is towards a build of stunnel-4.54b8.tar.gz with
> "renegotiation = no" in the config.

The above is totally unrelated to this patch. It only reports if the
server indicates that it supports secure renegotiation (as opposed to
older, insecure method of renegotiation). It does not tell you if the
server will accept renegotiation request from the client (and the
renegotiation can be started by a server, so the indication is in fact
correct). If a client actually tries to start renegotiation with
"renegotiation =no" it will fail. I've described how to do it in my
previous e-mail.

-- 
Janusz Dziemidowicz

• Previous message (by thread): [stunnel-users] SSL renegotiation patch
• Next message (by thread): [stunnel-users] [patch] options-related-to-TLS-v1.1-v1.2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]