I think we fixed this...
On Sat, Nov 19, 2011 at 2:28 PM, Ben Murphy <[email protected]> wrote:
> I think there might be a bug with Next Protocol Negotiation and SSL
> Renegotiation. My interpretation of the spec is that you shouldn't be
> doing NPN negotiation during ssl renegotiation. OpenSSL client doesn't
> appear to send NPN hello extension but it does seem to send NPN
> handshake message during renegotiation if a next protocol had been
> selected previously.
>
> If I set up an openssl server like:
>
> ./apps/openssl s_server -port 8443 -nextprotoneg http/1.1 -key
> ~/git/espdy2/server.key -cert ~/git/espdy2/server.crt
>
> and then connect with a client:
>
> ./apps/openssl s_client -msg -host localhost -port 8443 -nextprotoneg spdy/2
>
> and type 'R' in the client to do renegotiation I see this in the debug
> output during renegotiation which appears to be the next_protocol
> handshake message:
>
> >>> ??? [length 0024]
> 43 00 00 20 06 73 70 64 79 2f 32 18 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00
>
> 73:70:64:79:2f:32 -> spdy/2
>
> I have another npn ssl implementation and it bails out when it
> receives the unexpected message:
>
> <<< TLS 1.0 Alert [length 0002], fatal unexpected_message
> 02 0a
> 2903868164:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert
> unexpected message:s3_pkt.c:1227:SSL alert number 10
> 2903868164:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:592:
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
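Added example, not part of the original thread or of OpenSSL: a small Python decoder for the 0x24-byte record quoted above, confirming that it is a next_protocol handshake message carrying "spdy/2". The message layout and the padding rule are taken from the NPN draft (draft-agl-tls-nextprotoneg) and are assumptions as far as this thread is concerned; the function and constant names are hypothetical.

```python
# Added example: decode the handshake record quoted in the message above.
# Assumed layout (NPN draft): HandshakeType next_protocol = 67 (0x43),
# uint24 body length, opaque selected_protocol<0..255>, opaque padding<0..255>.

NEXT_PROTOCOL = 0x43

# Bytes copied from the s_client -msg output quoted in the thread.
CAPTURED = bytes.fromhex(
    "43 00 00 20 06 73 70 64 79 2f 32 18 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
    "00 00 00 00"
)


def _read_vec8(buf: bytes, off: int):
    """Read a vector with a one-byte length prefix; return (data, next offset)."""
    if off >= len(buf):
        raise ValueError("missing length byte")
    end = off + 1 + buf[off]
    if end > len(buf):
        raise ValueError("vector runs past end of message")
    return buf[off + 1:end], end


def parse_next_protocol(msg: bytes) -> dict:
    """Parse one handshake message and require it to be next_protocol."""
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    if msg[0] != NEXT_PROTOCOL:
        raise ValueError(f"handshake type 0x{msg[0]:02x} is not next_protocol")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("handshake length field does not match body")
    proto, off = _read_vec8(body, 0)
    padding, off = _read_vec8(body, off)
    if off != len(body):
        raise ValueError("trailing bytes after padding")
    # Padding length recommended by the NPN draft (assumption, see lead-in).
    expected_pad = 32 - ((len(proto) + 2) % 32)
    return {
        "selected_protocol": proto.decode("ascii", "replace"),
        "padding_len": len(padding),
        "padding_matches_draft": len(padding) == expected_pad,
        "padding_all_zero": not any(padding),
    }


if __name__ == "__main__":
    print(parse_next_protocol(CAPTURED))
```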
