[stunnel-users] SSL renegotiation patch

Henrik Riomar henrik.riomar at gmail.com
Wed Sep 19 15:26:32 CEST 2012


On Wed, Sep 19, 2012 at 3:23 PM, Janusz Dziemidowicz
<rraptorr at nails.eu.org> wrote:

> This is the same as in gnutls-cli-debug case. It only tells the client
> that the server understands a secure renegotiation protocol (as
> opposed to older, insecure renegotiation method). It has nothing to do
> with the fact that the server will not accept renegotiations (and
> renegotiations can also be started by the server itself).
> The SSL protocol does not have any way to indicate that a server will not
> accept renegotiations. It is also not possible to reject them in any other
> way than disconnection. That is why renegotiations are enabled by
> default. You can disable them if you are confident that they won't be
> used (which is true in some common cases like most HTTPS scenarios).
>

Ahh OK, that explains it, thanks!

/ Henrik


