OoO In the early evening of Wednesday 02 November 2011, around 21:34, "David Prothero" <[email protected]> said:
> I have been looking for a way to disable client-initiated
> renegotiation on stunnel/openssl but haven’t found a way. On the
> options description here:
[...]

As far as I know, there is no easy way to disable SSL renegotiation with
OpenSSL. What you have to do is:

 1. notice that an SSL renegotiation is beginning
 2. abort the negotiation

Here is how it is done with stud:
 https://github.com/bumptech/stud/pull/47

I will try to do the same thing for stunnel but this seems more
difficult since the renegotiation can be done automatically by OpenSSL
during a single SSL_read() (which is not possible in stud because of its
asynchronous nature). However, maybe the connection can be closed right
in the callback. I need to try it out.
-- 
Vincent Bernat ☯ http://vincent.bernat.im

Instrument your programs. Measure before making "efficiency" changes.
            - The Elements of Programming Style (Kernighan & Plauger)
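The two steps described in the message above (notice that a renegotiation is beginning, then abort it), as an added example; it is not code from stud, stunnel or the linked pull request. The names `conn_state`, `guard_on_info`, `replay`, `sample_trace` and `info_cb` are hypothetical, the event trace is constructed, and the model assumes TLS 1.2 or earlier and a server that never starts a renegotiation itself.

```c
/* Added example: renegotiation guard driven by OpenSSL's info callback. */
#include <stddef.h>
#ifdef WITH_OPENSSL               /* build with -lssl -lcrypto for real wiring */
#include <openssl/ssl.h>
#else                             /* same values as the macros in <openssl/ssl.h> */
#define SSL_CB_HANDSHAKE_START 0x10
#define SSL_CB_HANDSHAKE_DONE  0x20
#endif

/* Hypothetical per-connection state, attached with SSL_set_app_data(). */
struct conn_state {
    int handshaked;    /* initial handshake has completed */
    int renegotiation; /* a second handshake was started: drop the peer */
};

/* Step 1: notice that a renegotiation is beginning. */
static void guard_on_info(struct conn_state *cs, int where)
{
    if ((where & SSL_CB_HANDSHAKE_START) && cs->handshaked)
        cs->renegotiation = 1;
    if (where & SSL_CB_HANDSHAKE_DONE)
        cs->handshaked = 1;
}

/* Constructed trace: full handshake, then a second handshake start. */
static const int sample_trace[] = {
    SSL_CB_HANDSHAKE_START, 0x2001, SSL_CB_HANDSHAKE_DONE,
    SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE };

/* Step 2 (model): replay callback events and return the index at which
 * the I/O loop would close the connection, or -1 if it never does. */
static int replay(const int *events, size_t n)
{
    struct conn_state cs = {0, 0};
    for (size_t i = 0; i < n; i++) {
        guard_on_info(&cs, events[i]);
        if (cs.renegotiation)
            return (int)i; /* real code: close the connection here */
    }
    return -1;
}

#ifdef WITH_OPENSSL
/* Register with SSL_CTX_set_info_callback(ctx, info_cb). */
static void info_cb(const SSL *ssl, int where, int ret)
{
    struct conn_state *cs = SSL_get_app_data(ssl);
    (void)ret;
    if (cs != NULL)
        guard_on_info(cs, where);
}
#endif
```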

