author | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 19:05:49 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 19:05:49 +0000 |
commit | 17bb0516283cc231eddc3685aa232fb1757b6ad7 (patch) | |
tree | ad7e70230c8fc41a7213647083ae1e72e8c2a906 /CHANGES | |
parent | 59f44e810b696b7a908ab5b1958e16711a9154c2 (diff) |
Send no_renegotiation alert as required by spec.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -4,6 +4,17 @@ Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx] + *) If client attempts to renegotiate and doesn't support RI respond with + a no_renegotiation alert as required by draft-ietf-tls-renegotiation. + Some renegotiating TLS clients will continue a connection gracefully + when they receive the alert. Unfortunately OpenSSL mishandled + this alert and would hang waiting for a server hello which it will never + receive. Now we treat a received no_renegotiation alert as a fatal + error. This is because applications requesting a renegotiation might well + expect it to succeed and would have no code in place to handle the server + denying it so the only safe thing to do is to terminate the connection. + [Steve Henson] + *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if peer supports secure renegotiation and 0 otherwise. Print out peer renegotiation support in s_client/s_server. |
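Review bot: The new CHANGES entry moves from server behaviour to client behaviour without saying so. Its first sentence ("If client attempts to renegotiate and doesn't support RI respond with a no_renegotiation alert") describes what the server now sends, while "Now we treat a received no_renegotiation alert as a fatal error" describes how the client handles receiving one. Suggest labelling the two halves as server side and client side, or splitting them into separate entries, and spelling out "RI" on first use. The commit subject only mentions sending the alert, so the client-side change from hanging to terminating the connection is easy to miss. It deserves its own clearly marked sentence, because applications that request renegotiation will now see the connection end rather than stall.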