AnsweredAssumed Answered

Secure Client-Initiated Renegotiation Vs Insecure Client-Initiated Renegotiation

Question asked by Jack son on Dec 27, 2013
Latest reply on May 1, 2014 by joshk

Hi Ivan

 

What do you mean 'secure' and 'insecure' in terms of Secure Client-Initiated Renegotiation Vs Insecure Client-Initiated Renegotiation ?

 

How can the above two be detected using OpenSSL?

 

As far as I guess, if OpenSSL issues "Secure Renegotiation is Supported", and renegotiation R command can be submitted, this means "Secure Client-Initiated Renegotiation".

 

Conversely, if OpenSSL doesn't issue "Secure Renegotiation is Supported", and renegotiation R command can be submitted, this means "Insecure Client-Initiated Renegotiation".

 

Are my assumptions correct?

 

Thanks,

Jack

Outcomes