I think there might be a bug with Next Protocol Negotiation and SSL
renegotiation. My interpretation of the spec is that you shouldn't be
doing NPN negotiation during SSL renegotiation. The OpenSSL client doesn't
appear to send the NPN hello extension, but it does seem to send the NPN
handshake message during renegotiation if a next protocol had been
selected previously.

If I set up an openssl server like:

./apps/openssl s_server -port 8443 -nextprotoneg http/1.1 -key
~/git/espdy2/server.key -cert ~/git/espdy2/server.crt

and then connect with a client:

./apps/openssl s_client -msg -host localhost -port 8443 -nextprotoneg spdy/2

and type 'R' in the client to do renegotiation I see this in the debug
output during renegotiation which appears to be the next_protocol
handshake message:

>>> ??? [length 0024]
    43 00 00 20 06 73 70 64 79 2f 32 18 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00


73:70:64:79:2f:32 -> spdy/2

I have another NPN SSL implementation and it bails out when it
receives the unexpected message:

<<< TLS 1.0 Alert [length 0002], fatal unexpected_message
    02 0a
2903868164:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert
unexpected message:s3_pkt.c:1227:SSL alert number 10
2903868164:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:592:
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
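An added example, not code from the post or from OpenSSL, that decodes and rebuilds the next_protocol message from the dump above and shows the peer-side check that rejects it during renegotiation. The handshake type 67, the 32-byte padding rule and the alert bytes come from the NPN draft and the log in the post; receive_handshake and its renegotiating flag are assumed names.

```python
# Constructed from the hex dump in the post: HandshakeType 67 (next_protocol),
# 3-byte length 0x000020, selected_protocol "spdy/2", 24 bytes of zero padding.
NEXT_PROTOCOL_MSG = bytes.fromhex("43000020" "06" "737064792f32" "18" + "00" * 24)

HANDSHAKE_NEXT_PROTOCOL = 67     # NPN draft handshake message type
ALERT_FATAL = 2                  # TLS AlertLevel fatal
ALERT_UNEXPECTED_MESSAGE = 10    # TLS AlertDescription, "SSL alert number 10" in the log


def npn_padding_len(proto_len: int) -> int:
    """Padding rule from the NPN draft: the body is padded to a multiple of 32 bytes."""
    return 32 - ((proto_len + 2) % 32)


def build_next_protocol(proto: bytes) -> bytes:
    """Encode a next_protocol handshake message for the selected protocol."""
    pad = npn_padding_len(len(proto))
    body = bytes([len(proto)]) + proto + bytes([pad]) + b"\x00" * pad
    return bytes([HANDSHAKE_NEXT_PROTOCOL]) + len(body).to_bytes(3, "big") + body


def parse_next_protocol(msg: bytes) -> str:
    """Decode a next_protocol message, checking every length field and the padding."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_NEXT_PROTOCOL:
        raise ValueError("not a next_protocol handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:]
    if len(body) != length:
        raise ValueError("handshake length mismatch")
    plen = body[0]
    proto = body[1:1 + plen]
    if len(proto) != plen or len(body) < 2 + plen:
        raise ValueError("truncated selected_protocol")
    pad = body[1 + plen]
    padding = body[2 + plen:]
    if len(padding) != pad or pad != npn_padding_len(plen) or any(padding):
        raise ValueError("bad padding")
    return proto.decode("ascii")


def receive_handshake(msg: bytes, renegotiating: bool):
    """Peer-side dispatch (assumed helper): next_protocol is only legal in the
    initial handshake, so during renegotiation it is answered with a fatal
    unexpected_message alert, exactly what the second implementation above did.
    Returns ("next_protocol", name), ("alert", alert_bytes) or ("other", None)."""
    if msg and msg[0] == HANDSHAKE_NEXT_PROTOCOL:
        if renegotiating:
            return ("alert", bytes([ALERT_FATAL, ALERT_UNEXPECTED_MESSAGE]))
        return ("next_protocol", parse_next_protocol(msg))
    return ("other", None)
```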