Dr Stephen Henson wrote:
Jean-Marc Desperrier wrote:
Joe Orton wrote:
Please file a bug and attach all of:
a) error_log output at "LogLevel debug" for that case
b) the config snipping that you're using for /authentication
c) the mod_ssl configuration
This is now done in bug
https://issues.apache.org/bugzilla/show_bug.cgi?id=48215
error.log might have enough info to understand what happens, but I
included everything else needed to repro from scratch.
What happens with the latest 0.9.8-stable version of OpenSSL?
Stephen, what result do you expect from this ?
Does the latest 0.9.8-stable already implement safe renegociation ? But
I'd need a version of Firefox that implement it for testing (I'll try to
get that from Nelson).
If renegociation is simply disabled, this case will simply fail as expected.
It's not a case of mod_ssl starting renegotiation where *none* is required.
Some comments imply that one also happens sometimes but I don't know if
it's true as I don't know how precisely to reproduce it.
But I won't exclude it given how easy it is to fall into the problem of
mod_ssl requiring more renegotiations than really needed.
