On Wed, Sep 19, 2012 at 3:23 PM, Janusz Dziemidowicz rraptorr@nails.eu.org wrote:
This is the same as in the gnutls-cli-debug case. It only tells the client that the server understands a secure renegotiation protocol (as opposed to the older, insecure renegotiation method). It has nothing to do with the fact that the server will not accept renegotiations (and renegotiations can also be started by the server itself). The SSL protocol does not have any way to indicate that a server will not accept renegotiations. It is also not possible to reject them in any other way than disconnection. That is why renegotiations are enabled by default. You can disable them if you are confident that they won't be used (which is true in some common cases like most HTTPS scenarios).
Ahh OK, that explains it, thanks!
/ Henrik