On Wed, 13 Apr 2011 18:42:45 -0400 Chris Hill wrote:

> It seems like in releases after OpenSSL 0.9.8l (the ones that
> contained the fix for cve 2009-3555), client initiated "secure/safe"
> renegotiation was never re-enabled by default, judging by how Apache
> behaves.

See:
http://groups.google.com/group/mailing.openssl.dev/browse_thread/thread/6d018d33a0f4a7af/f2542e431532cad9

"... current mod_ssl always rejects client initiated renegotiation."

You should see the difference if you retest with s_server.

th.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
