On Thu, Nov 19, 2009, Jean-Marc Desperrier wrote:

> Thor Lancelot Simon wrote:
>> I think it's a mistake to send a fatal alert. In the past week as I've
>> been experimenting with this, I've encountered a number of embedded
>> client devices (cellphones -- I suspect I know which stack they're using
>> but I'm not certain, so I won't identify the vendor here) which do
>> periodic renegotiations and can't be configured not to. I hacked up
>> no-renegotiation alert for a somewhat simpler TLS implementation since
>> I kept tripping over myself trying to do it with OpenSSL. The result
>> was that these clients could maintain connections -- they ignore the
>> failed renegotiation.
>>
>> With OpenSSL, these clients simply lose their connection and don't
>> display pages. I think this is wrong.
>
> I support wholly this description of the situation.

I'm currently reviewing the code along with the continuing discussions
about strategy in the TLS mailing list. The current code is obviously
buggy (I had to fix a few things yesterday) and I'll look into fixing it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
