If OpenSSL issues "Secure Renegotiation is Supported", and the renegotiation R command can be submitted, this means the server supports "Secure Client-Initiated Renegotiation".
At the same time, can I assume the server is also vulnerable to Denial of Service (i.e. THC-SSL-DOS)?
The reason why I am asking is because of recent SSL Labs results.
Refer to the following examples.
| Secure Client-Initiated Renegotiation | Supported DoS DANGER (more info) |
| Secure Client-Initiated Renegotiation | No |
Host A and Host B responded to the Renegotiation (R) command and I got "Secure Renegotiation is Supported" from the openssl output.
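The two signals mentioned in the question can be read separately from a saved `openssl s_client` transcript. The sketch below is an added example, not part of the original post: it reports the "Secure Renegotiation" line (whether the server sent the RFC 5746 extension) apart from what happened after R was typed. The marker strings are assumptions based on typical s_client output, and both transcripts are constructed.

```python
import re

# Marker strings assumed from typical `openssl s_client` output; wording can
# differ between OpenSSL versions, so treat these as heuristics.
SECURE = re.compile(r"^Secure Renegotiation IS( NOT)? supported", re.I | re.M)
MARKER = "RENEGOTIATING"  # printed after the R command is typed
FAILED = re.compile(r":error:|errno=|handshake failure|^closed$", re.I | re.M)
REHANDSHAKE = re.compile(r"^verify return:\d", re.M)  # certificate checked again


def classify(transcript: str) -> dict:
    """Report the extension line and the outcome of R as separate results."""
    m = SECURE.search(transcript)
    rfc5746 = None if m is None else m.group(1) is None

    _, sep, tail = transcript.partition(MARKER)
    if not sep:
        outcome = "not tested"      # R was never issued in this transcript
    elif FAILED.search(tail):
        outcome = "refused"         # error or close after the request
    elif REHANDSHAKE.search(tail):
        outcome = "accepted"        # a second handshake completed
    else:
        outcome = "inconclusive"    # e.g. the server silently ignored it
    return {"rfc5746_extension": rfc5746, "client_initiated": outcome}


# Constructed transcripts (not captured from any real host).
SAMPLE_ACCEPTED = """\
Secure Renegotiation IS supported
---
R
RENEGOTIATING
depth=0 CN = host.example
verify return:1
"""

SAMPLE_REFUSED = """\
Secure Renegotiation IS supported
---
R
RENEGOTIATING
write:errno=104
"""

if __name__ == "__main__":
    for name, text in (("accepted", SAMPLE_ACCEPTED), ("refused", SAMPLE_REFUSED)):
        print(name, classify(text))
```

An "accepted" result only shows that one client-requested handshake completed; whether the server limits repeated requests is a separate measurement.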