[stunnel-users] SSL renegotiation patch

Janusz Dziemidowicz rraptorr at nails.eu.org
Wed Sep 19 15:14:31 CEST 2012


2012/9/19 Henrik Riomar <henrik.riomar at gmail.com>:
> OK, I tried with gnutls-cli-debug -p 1443 127.0.0.1
>
> ...snip...
> Checking for Safe renegotiation support... yes
> Checking for Safe renegotiation support (SCSV)... yes
> ...snip...
>
> The above is towards a build of stunnel-4.54b8.tar.gz with
> "renegotiation = no" in the config.

The above is totally unrelated to this patch. It only reports if the
server indicates that it supports secure renegotiation (as opposed to
the older, insecure method of renegotiation). It does not tell you if
the server will accept a renegotiation request from the client (and the
renegotiation can be started by a server, so the indication is in fact
correct). If a client actually tries to start renegotiation with
"renegotiation = no" it will fail. I've described how to do it in my
previous e-mail.

-- 
Janusz Dziemidowicz


