On Thu, Apr 14, 2011 at 03:57:32AM -0500, William Rowe wrote: > Looking at current 2.2.17 httpd with openssl 0.9.8o, and using 0.9.8o to > attempt > to 'R'enegotiate, the report appears accurate.
Yup, it's a legacy of the patch for CVE-2009-3555; the prevention of client-initiated reneg has never been relaxed. It would be simple to change the code to allow client-initiated reneg iff secure reneg is supported by both sides. There was a discussion on this topic recently at the IETF TLS list: http://thread.gmane.org/gmane.ietf.tls/8335/focus=8358 If it's true that IIS also rejects client-initiated reneg (per claim in that thread), I'd say there is no imperative to change mod_ssl's behaviour from an interop perspective. You can argue for "correctness"; the protocol allows a client-initiated reneg, so why should mod_ssl disable it? I don't find that terribly compelling; reneg and HTTP over SSL is a conceptual mess, and a significant proportion of the security issues in mod_ssl have been reneg-related (though maybe that sounds FUDdish). So I tend towards "less renegotiation is good"; very interested to hear other opinions. Regards, Joe
