2012/9/19 Henrik Riomar henrik.riomar@gmail.com:
On Wed, Sep 19, 2012 at 1:57 PM, Janusz Dziemidowicz
or s_client from stunnel:

openssl s_client -host localhost -port 8443 -tls1

With s_client, you have to input R and press Enter; it will then try to renegotiate (awesome hack). Also, note that s_client has problems while renegotiating with TLS 1.2 (that's why I've added the -tls1 option).
Tried this and got this printout:

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
This is the same as in the gnutls-cli-debug case. It only tells the client that the server understands the secure renegotiation protocol (as opposed to the older, insecure renegotiation method). It has nothing to do with whether the server will accept renegotiations (and renegotiations can also be started by the server itself). The SSL protocol has no way to indicate that a server will not accept renegotiations. It is also not possible to reject them in any other way than by disconnecting. That is why renegotiations are enabled by default. You can disable them if you are confident that they won't be used (which is true in some common cases, like most HTTPS scenarios).
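To make concrete what the "Secure Renegotiation IS supported" line actually reflects on the wire, here is an added example (my own code, not from anyone in this thread or from HAProxy/OpenSSL): a small parser that builds a ServerHello record and checks for the renegotiation_info extension (type 0xff01, RFC 5746). Its presence is all s_client is reporting; as explained above, nothing in the handshake says whether a later renegotiation attempt will be honoured. The ServerHello bytes, the fixed server random and the cipher suite (AES256-SHA) are constructed test data, not a capture.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type defined in RFC 5746
HANDSHAKE = 0x16             # TLS record content type
SERVER_HELLO = 0x02          # handshake message type
TLS1_0 = b"\x03\x01"


def build_server_hello(extensions):
    """Build a TLS 1.0 record carrying a ServerHello with the given
    {ext_type: ext_data} extensions. Constructed sample data, not a capture."""
    ext_bytes = b"".join(
        struct.pack("!HH", etype, len(edata)) + edata
        for etype, edata in extensions.items()
    )
    body = (
        TLS1_0
        + b"\x11" * 32          # server random (fixed value, constructed)
        + b"\x00"               # empty session_id
        + b"\x00\x35"           # TLS_RSA_WITH_AES_256_CBC_SHA, i.e. AES256-SHA
        + b"\x00"               # null compression
    )
    if extensions:
        body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + TLS1_0 + struct.pack("!H", len(handshake)) + handshake


def server_hello_extensions(record):
    """Return {ext_type: ext_data} from a ServerHello record ({} if none)."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                     # skip server_version and random
    sid_len = body[pos]
    pos += 1 + sid_len               # skip session_id
    pos += 2 + 1                     # skip cipher_suite and compression_method
    if pos == len(body):
        return {}                    # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end != len(body):
        raise ValueError("bad extensions length")
    exts = {}
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        exts[etype] = body[pos:pos + elen]
        pos += elen
    return exts


def secure_renegotiation_indicated(record):
    """True when the server sent renegotiation_info, which is exactly what
    s_client prints as 'Secure Renegotiation IS supported'. On an initial
    handshake the extension data must be one zero byte (an empty
    renegotiated_connection). This says only that the server speaks RFC 5746;
    whether it will *accept* a renegotiation can only be learned by trying
    one (e.g. typing R in s_client) and seeing if it disconnects."""
    data = server_hello_extensions(record).get(RENEGOTIATION_INFO)
    return data == b"\x00"


# Constructed sample records: one from a server advertising RFC 5746, one without.
WITH_RI = build_server_hello({RENEGOTIATION_INFO: b"\x00"})
WITHOUT_RI = build_server_hello({})

if __name__ == "__main__":
    for name, rec in (("with renegotiation_info", WITH_RI), ("without", WITHOUT_RI)):
        print(name, "->", "Secure Renegotiation IS supported"
              if secure_renegotiation_indicated(rec)
              else "Secure Renegotiation IS NOT supported")
```

The parser deliberately stops at the extension: there is no field in the ServerHello to read that would tell you the server rejects renegotiation, which is the point of the reply above.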