On 3/24/2010 5:51 PM, Rainer Jung wrote:
> > The server only needs server initiated renegotiations.
As repeated several times, there are apparently micro SSL implementations out there in the wild, e.g. cell phone browsers, which choose to renegotiate and, seeing an alert that it is not supported, hum merrily along. So the 'shut down the connection' flavor of halting server initiated renegotiation breaks such clients, while the openssl 0.9.8m graceful handling supports such renegotiation requests with a polite refusal.