If this is true, this is a bug in the implementation. The TLS RFCs state that application data can come in at any time, including during renegotiation handshakes (with one exception, and that is that 'ChangeCipherSpec' and 'Finished' must be back-to-back). Please send this report to r...@openssl.org.
-Kyle H

On Mon, Jan 18, 2010 at 2:06 PM, Carl <c...@turner.ca> wrote:
> Please note this question is not about the TLS vulnerability reported in
> Nov 2009.
>
> When an openssl client requests a renegotiation while the server is
> sending data the client generates a fatal alert of "unexpected message".
>
> This behavior doesn't seem very robust because the client may not know
> when the server is about to send application data. Are there any
> workarounds to handle this scenario?
>
> This issue has been raised on this email list over the years but I can't
> find any responses. Here are a couple of the latest related posts:
> From 2007: http://marc.info/?l=openssl-users&m=118897608028360&w=2
> From 2005: http://marc.info/?l=openssl-users&m=110858071920301&w=2
>
> The system I'm using has openssl 0.9.8k.
>
> Thanks,
>
> Carl
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
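The following is an added illustration, not part of the thread and not OpenSSL code: a simplified receive-side model of the rule stated in the reply above, where application data is accepted while a renegotiation handshake is in progress and only the gap between 'ChangeCipherSpec' and 'Finished' is closed. The `Receiver` class, the `run` helper and the sample record sequences are constructed for this example, and the model assumes the initial handshake has already completed.

```python
# TLS record content types and handshake message types (RFC 5246 values).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
CLIENT_HELLO, SERVER_HELLO, SERVER_HELLO_DONE, FINISHED = 1, 2, 14, 20

class Receiver:
    """Toy model of one peer's receive path after the first handshake."""
    def __init__(self):
        self.renegotiating = False    # a later handshake is in flight
        self.expect_finished = False  # ChangeCipherSpec seen, Finished due next
        self.delivered = []           # application data handed to the caller

    def receive(self, content_type, body):
        if self.expect_finished:
            # The one closed window: nothing may sit between CCS and Finished.
            if content_type == HANDSHAKE and body == FINISHED:
                self.expect_finished = self.renegotiating = False
                return "handshake"
            return "fatal: unexpected_message"
        if content_type == APPLICATION_DATA:
            # Accepted whether or not a renegotiation is under way.
            self.delivered.append(body)
            return "application_data"
        if content_type == HANDSHAKE:
            self.renegotiating = True
            return "handshake"
        if content_type == CHANGE_CIPHER_SPEC and self.renegotiating:
            self.expect_finished = True
            return "change_cipher_spec"
        return "fatal: unexpected_message"

def run(records):
    """Feed records in order; stop at the first fatal outcome."""
    rx, outcomes = Receiver(), []
    for content_type, body in records:
        outcomes.append(rx.receive(content_type, body))
        if outcomes[-1].startswith("fatal"):
            break
    return outcomes, rx.delivered

# Constructed sample: server keeps sending data while the handshake proceeds.
INTERLEAVED = [(HANDSHAKE, SERVER_HELLO), (APPLICATION_DATA, b"chunk-1"),
               (HANDSHAKE, SERVER_HELLO_DONE), (APPLICATION_DATA, b"chunk-2"),
               (CHANGE_CIPHER_SPEC, None), (HANDSHAKE, FINISHED),
               (APPLICATION_DATA, b"chunk-3")]
# Constructed sample: data lands between ChangeCipherSpec and Finished.
SPLIT = [(HANDSHAKE, SERVER_HELLO), (CHANGE_CIPHER_SPEC, None),
         (APPLICATION_DATA, b"late"), (HANDSHAKE, FINISHED)]

if __name__ == "__main__":
    print(run(INTERLEAVED))
    print(run(SPLIT))
```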