On Wed, Mar 03, 2010 at 06:31:36PM +0000, Dr Stephen Henson wrote: > If I understand the code correctly it looks like Apache is already > trapping and aborting client initiated renegotiations so this "hang" > situation shouldn't arise.
This is true for client-initiated reneg, I'm not sure whether Mladen was talking about client- or server- initiated reneg, Mladen can you clarify exactly what problem you're seeing? > Note that you don't need to abort if secure renegotiation is supported > by the client. Is there any technical need to support client-initiated reneg? It's a bad fit with mod_ssl. Regards, Joe