> [[email protected] - Thu Jun 17 20:59:31 2010]: > > When running SSL_get_secure_renegotiation_support() with > 0.9.8n/0.9.8o/1.0.0a against an IIS6 server (win2003 i believe) which > was patched with KB977377 the function returns that renegotiation is > supported even though it's not. > ( http://support.microsoft.com/kb/977377 ) >
The actual function is saying the server sent back an extension saying it supported secure renegotiation. That means it is safe to attempt to renegotiate with the server it does not guarantee that the server will actually accept a renegotiation attempt. I'd suggest you include the -tlsextdebug option to s_client and see if you get the RI extension back from the server. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
