In testing a server running Ericom's Secure Gateway (http://www.ericom.com/securegateway.asp, which we're using with their PowerTerm WebConnect), we see:
"This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F."
I found the instructions for manually testing that here: http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html. So I went and downloaded the openssl-0.9.8k source and, after finding it wouldn't compile on Ubuntu 12.04, got it to compile on an old 10.04 system. Then I ran the recommended manual test, which went like this:
# ./openssl s_client -connect NN.NN.NN.NN:443
HEAD / HTTP/1.0 <<-- entered by me
read:errno=0 <<-- immediate response
So no chance to enter an R to request renegotiation. This was quite consistent. Against other, normal sites, including ssllabs.com, there's the opportunity to enter the R and get to one result or another. So if this is still a good manual test, then the SSL Labs test is throwing a false positive. If it's not a good manual test, it would be useful to know what is.
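
An added example, not part of the original post: a shell function that classifies a saved `openssl s_client` transcript from this manual test, treating a session that closes before `R` is sent (as in the one quoted above) as inconclusive rather than as a pass. The function and sample names are hypothetical, the three transcripts are constructed, and it assumes the tester finishes the HTTP request after `R`, so a status line following `RENEGOTIATING` means the renegotiation was accepted.

```shell
#!/bin/sh
# Reads an s_client transcript on stdin and prints one of:
#   renegotiated  - "R" was sent and the server still answered the request
#   refused       - "R" was sent and the session then errored or closed
#   inconclusive  - "R" was never sent, so renegotiation was not exercised
classify_reneg() {
    awk '
        /^RENEGOTIATING/                { sent = 1; next }  # printed by s_client after "R"
        sent && /^HTTP\/1\.[01] [0-9]+/ { answered = 1 }    # response arrived after renegotiating
        sent && /(:error:|errno=)/      { failed = 1 }      # handshake error or closed socket
        END {
            if (!sent)         print "inconclusive"
            else if (answered) print "renegotiated"
            else if (failed)   print "refused"
            else               print "inconclusive"
        }'
}

# Constructed sample: the session quoted in the post (closed before "R").
sample_early_close() {
    printf '%s\n' 'CONNECTED(00000003)' 'HEAD / HTTP/1.0' 'read:errno=0'
}

# Constructed sample: server accepts client-initiated renegotiation.
sample_accepted() {
    printf '%s\n' 'CONNECTED(00000003)' 'HEAD / HTTP/1.0' 'R' \
        'RENEGOTIATING' 'verify return:1' '' 'HTTP/1.1 200 OK'
}

# Constructed sample: server drops the connection when "R" is sent.
sample_refused() {
    printf '%s\n' 'CONNECTED(00000003)' 'HEAD / HTTP/1.0' 'R' \
        'RENEGOTIATING' 'read:errno=0'
}

for s in sample_early_close sample_accepted sample_refused; do
    printf '%-20s %s\n' "$s" "$($s | classify_reneg)"
done
```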