On 03/03/2010 11:01 PM, Joe Orton wrote:
> On Wed, Mar 03, 2010 at 06:31:36PM +0000, Dr Stephen Henson wrote:
>> If I understand the code correctly it looks like Apache is already
>> trapping and aborting client initiated renegotiations so this "hang"
>> situation shouldn't arise.
>
> This is true for client-initiated reneg, I'm not sure whether Mladen was
> talking about client- or server-initiated reneg, Mladen can you clarify
> exactly what problem you're seeing?


Very simple to duplicate, just find any <= 0.9.8k client

mod_ssl + openssl-0.9.8m
SSLInsecureRenegotiation on
echo R | openssl-0.9.8m s_client  .. disconnects
echo R | openssl-0.9.8k s_client  .. disconnects

SSLInsecureRenegotiation off
echo R | openssl-0.9.8m s_client  .. disconnects
echo R | openssl-0.9.8k s_client  .. hangs until ServerTimeout

Client reneg is rejected by our info callback
(which might be good or not, but that's not the point)
except with 0.9.8m and legacy clients.



Regards
--
^TM
