On 10.03.2016 12:40, Osiris wrote: <snip/>
That's just the question of Florent: how to disable Secure Client-Initiated Renegotiation.
Hi!There is no way to disable this in OpenSSL, and the CVE you refer to has been disputed. Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1473 and https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html.
Without altering OpenSSL sources, secure renegotiations will take place. --- Aki Tuomi Dovecot Oy