On Thu, Nov 19, 2009 at 02:04:43PM +0100, Dr. Stephen Henson wrote:
>
> The version which was in 0.9.8-stable was buggy: OpenSSL tried to do an SSLv2
> compatible client hello and failed because that couldn't negotiate secure
> renegotiation (there is no way to do that because SSLv2 compatible client
> hellos don't support extensions). The result was you'd get s_server/s_client
> not connecting with default options. You needed -legacy_renegotiation to get
> that to work.

That's annoying, but it seems like a simple enough bug. I am more curious about why legacy renegotiation is rejected with a fatal invalid parameter alert instead of what seems to be the correct warning (nonfatal) no renegotiation alert. Is there a reason why that is the right way, which I'm just missing?

Thor
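
The point in the quoted text, that an SSLv2-compatible client hello has no place to carry extensions, can be seen by parsing both hello formats. This is an added example, not code from the thread or from OpenSSL; the function names and the sample records are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type of renegotiation_info

def classify_client_hello(record: bytes):
    """Return (format, extension_types) for one raw ClientHello record."""
    if len(record) >= 3 and record[0] & 0x80 and record[2] == 0x01:
        # SSLv2 2-byte header (high bit set), then msg type CLIENT-HELLO.
        # The layout is fixed: version, cipher specs, session id, challenge.
        # There is no extensions field at all.
        return "sslv2-compatible", None
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    body = record[9:]  # skip 5-byte record header and 4-byte handshake header
    try:
        pos = 2 + 32                                       # version + random
        pos += 1 + body[pos]                               # session_id
        pos += 2 + struct.unpack_from(">H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression_methods
        types = []
        if pos < len(body):                                # extensions are optional
            end = pos + 2 + struct.unpack_from(">H", body, pos)[0]
            pos += 2
            while pos + 4 <= end:
                ext_type, ext_len = struct.unpack_from(">HH", body, pos)
                types.append(ext_type)
                pos += 4 + ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return "tls", types

def has_renegotiation_info(record: bytes) -> bool:
    fmt, types = classify_client_hello(record)
    return fmt == "tls" and RENEGOTIATION_INFO in types

def build_tls_hello(extensions=None) -> bytes:
    """Constructed TLS 1.0 hello: empty session id, one suite, null compression."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if extensions is not None:
        body += struct.pack(">H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

# Constructed samples: SSLv2-framed hello offering TLS 1.0, and two TLS hellos.
_v2_msg = b"\x01\x03\x01" + struct.pack(">HHH", 3, 0, 16) + b"\x00\x00\x2f" + bytes(16)
SSLV2_HELLO = struct.pack(">H", 0x8000 | len(_v2_msg)) + _v2_msg
TLS_HELLO_PLAIN = build_tls_hello()
TLS_HELLO_WITH_RI = build_tls_hello(b"\xff\x01\x00\x01\x00")  # empty renegotiation_info
```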
