On 03/04/2010 12:29 AM, Joe Orton wrote:
> I'm fairly happy with refusing client-initiated reneg regardless.
+1

An explicit OpenSSL option, e.g. SSL_OP_DISABLE_CLIENT_INITED_RENEGOTIATION, would be helpful, and we won't be needing the info callback in that case (which doesn't get called from SSL_CB_ACCEPT_LOOP for legacy clients anyhow).

Regards
--
^TM