Hiya, I've been looking at renegotiations in mod_ssl - can anyone confirm whether the following statement is true:
- it is only safe to call SSL_renegotiate and SSL_do_handshake to instigate an SSL renegotiation if you know that the peer is in a state where it must not be sending any data.

This seems to be empirically true: if the peer has sent an as-yet-unprocessed data record, and you start an SSL renegotiation, then the data record may be processed when expecting the client to perform the handshake, causing the handshake to fail with an "unexpected record" error.

I'm not sure if this is a property inherent in SSL/TLS or merely a feature of OpenSSL's implementation; interesting to know which.

Regards,

joe
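A simplified model of the ordering problem described in the message above, added here as an illustration; it is not code from OpenSSL, mod_ssl or the poster. It walks TLS record headers in a constructed byte stream and contrasts a reader that insists the next record is a handshake record with one that sets aside application data already in flight. The function names, result codes and sample bytes are assumptions made for the example, and the strict reader models the reported failure rather than describing how OpenSSL is implemented.

```c
#include <stddef.h>
#include <stdint.h>

/* TLS record content types (RFC 5246, section 6.2.1). */
enum { REC_HANDSHAKE = 22, REC_APPDATA = 23 };

/* Result codes of the model readers (hypothetical names). */
enum { HS_OK = 0, HS_UNEXPECTED_RECORD = -1, HS_TRUNCATED = -2 };

/* Parse the 5-byte record header at buf[*off]; on success store the content
 * type, advance *off past the record body and return 0. */
static int next_record(const uint8_t *buf, size_t len, size_t *off, int *type)
{
    if (len - *off < 5) return -1;
    size_t body = ((size_t)buf[*off + 3] << 8) | buf[*off + 4];
    if (len - *off - 5 < body) return -1;
    *type = buf[*off];
    *off += 5 + body;
    return 0;
}

/* Strict reader: once renegotiation has been requested, the very next record
 * must be a handshake record. Models the failure described in the message. */
int strict_wait_for_handshake(const uint8_t *buf, size_t len)
{
    size_t off = 0; int type;
    if (next_record(buf, len, &off, &type) != 0) return HS_TRUNCATED;
    return type == REC_HANDSHAKE ? HS_OK : HS_UNEXPECTED_RECORD;
}

/* Tolerant reader: application data records that were already in flight are
 * counted (a real stack would queue them) until a handshake record arrives. */
int tolerant_wait_for_handshake(const uint8_t *buf, size_t len, int *queued)
{
    size_t off = 0; int type;
    *queued = 0;
    while (next_record(buf, len, &off, &type) == 0) {
        if (type == REC_HANDSHAKE) return HS_OK;
        if (type != REC_APPDATA) return HS_UNEXPECTED_RECORD;
        (*queued)++;
    }
    return HS_TRUNCATED;
}

/* Constructed sample: one application data record ("hi") sent before the peer
 * saw the renegotiation request, then a handshake record (dummy 4-byte body). */
static const uint8_t in_flight[] = {
    23, 3, 3, 0, 2, 'h', 'i',
    22, 3, 3, 0, 4, 1, 0, 0, 0,
};
```
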
