Steve, The trace clearly says that the server does not support Secure Renegotiation.
<SNIP> New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit *Secure Renegotiation IS NOT supported* Compression: NONE <SNIP> Are we missing anything? -Sandeep On Thu, Jun 17, 2010 at 12:30 PM, Stephen Henson via RT <[email protected]>wrote: > > [[email protected] - Thu Jun 17 20:59:31 2010]: > > > > When running SSL_get_secure_renegotiation_support() with > > 0.9.8n/0.9.8o/1.0.0a against an IIS6 server (win2003 i believe) which > > was patched with KB977377 the function returns that renegotiation is > > supported even though it's not. > > ( http://support.microsoft.com/kb/977377 ) > > > > The actual function is saying the server sent back an extension saying > it supported secure renegotiation. That means it is safe to attempt to > renegotiate with the server it does not guarantee that the server will > actually accept a renegotiation attempt. > > I'd suggest you include the -tlsextdebug option to s_client and see if > you get the RI extension back from the server. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] >
