Dirk-Willem van Gulik wrote: > > So I guess the one thing we need now is to double check with the OpenSSL > folks if the basic concept of this patch covers all basis. I.e. really > sees every possible renegotiate - regardless of what or from where > initiated. I am a bit worried that OpenSSL may have to clean an > abstraction layer perhaps. >
I can only comment about *this* OpenSSL folk ;-) I only found out about this issue yesterday and I'm on vacation until early next week so I've only been following this in outline. The normal session resumption can be performed using s_client and the -sess_out and -sess_in options so check that works normally if you haven't already. That should be checked with -no_ticket too to check stateful resumption (stateless is default for newer versions of OpenSSL). Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
