2012/9/19 Henrik Riomar henrik.riomar@gmail.com:
OK, I tried with gnutls-cli-debug -p 1443 127.0.0.1
...snip... Checking for Safe renegotiation support... yes Checking for Safe renegotiation support (SCSV)... yes ...snip...
The above is towards a build of stunnel-4.54b8.tar.gz with "renegotiation = no" in the config.
The above is totally unrelated to this patch. It only reports if the server indicates that it supports secure renegotiation (as opposed to older, insecure method of renegotiation). It does not tell you if the server will accept renegotiation request from the client (and the renegotiation can be started by a server, so the indication is in fact correct). If a client actually tries to start renegotiation with "renegotiation =no" it will fail. I've described how to do it in my previous e-mail.