On 06.11.2009 01:12, Joe Orton wrote: > On Fri, Nov 06, 2009 at 12:00:06AM +0000, Joe Orton wrote: > FYI - Dirk points out that you can test this using openssl s_client by > entering a line with the single character 'R' which s_client treats as a > command to initiate a renegotiation. Joe > > $ openssl s_client ... > --- > GET / HTTP/1.1 > Host: localhost > R > RENEGOTIATING > 139919233795736:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake > failure:s3_pkt.c:590:
Not sure if everyone is aware: http://extendedsubset.com/Renegotiating_TLS.pdf contains such an exposure example using s_client. Eric Rescorla also explained some more details a few hours ago: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
