Yup. I see it is fixed.

On Mon, Dec 5, 2011 at 12:31 PM, Ben Laurie <[email protected]> wrote:

> I think we fixed this...
>
> On Sat, Nov 19, 2011 at 2:28 PM, Ben Murphy <[email protected]> wrote:
> > I think there might be a bug with Next Protocol Negotiation and SSL
> > Renegotiation. My interpretation of the spec is that you shouldn't be
> > doing NPN negotiation during ssl renegotiation. Openssl client doesn't
> > appear to send NPN hello extension but it does seem to send NPN
> > handshake message during renegotiation if a next protocol had been
> > selected previously.
> >
> > If I set up an openssl server like:
> >
> > ./apps/openssl s_server -port 8443 -nextprotoneg http/1.1 -key
> > ~/git/espdy2/server.key -cert ~/git/espdy2/server.crt
> >
> > and then connect with a client:
> >
> > ./apps/openssl s_client -msg  -host localhost -port 8443 -nextprotoneg spdy/2
> >
> > and type 'R' in the client to do renegotiation I see this in the debug
> > output during renegotiation which appears to be the next_protocol
> > handshake message:
> >
> > >>> ??? [length 0024]
> >    43 00 00 20 06 73 70 64 79 2f 32 18 00 00 00 00
> >    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >    00 00 00 00
> >
> >
> > 73:70:64:79:2f:32 -> spdy/2
> >
> > I have another npn ssl implementation and it bails out when it
> > receives the unexpected message:
> >
> > <<< TLS 1.0 Alert [length 0002], fatal unexpected_message
> >    02 0a
> > 2903868164:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert
> > unexpected message:s3_pkt.c:1227:SSL alert number 10
> > 2903868164:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> > failure:s3_pkt.c:592:
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > Development Mailing List                       [email protected]
> > Automated List Manager                           [email protected]
>
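
Added example, not part of the original thread and not OpenSSL code: a Python decoder for the handshake message that s_client -msg printed as "???" above, showing how the 0x24 bytes break down into type 0x43, a 24-bit length, "spdy/2" and zero padding. The alert_for helper and its npn_offered_this_handshake flag are hypothetical; they model the receiving implementation described in the report, under the assumption that it accepts the message only when NPN was offered in the same handshake.

```python
NEXT_PROTOCOL = 0x43        # handshake type 67, the first byte of the dump
UNEXPECTED_MESSAGE = 10     # alert number the other implementation returned

# Constructed input: the bytes from the s_client -msg dump quoted above.
DUMP = bytes.fromhex("".join("""
43 00 00 20 06 73 70 64 79 2f 32 18 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00
""".split()))


def parse_next_protocol(raw: bytes) -> dict:
    """Decode one NextProtocol handshake message; raise ValueError if malformed."""
    if len(raw) < 4:
        raise ValueError("truncated handshake header")
    if raw[0] != NEXT_PROTOCOL:
        raise ValueError(f"handshake type {raw[0]:#04x} is not next_protocol")
    body = raw[4:]
    if int.from_bytes(raw[1:4], "big") != len(body):
        raise ValueError("24-bit length field does not match body size")
    if len(body) < 2:
        raise ValueError("body too short for two length-prefixed fields")
    proto_len = body[0]
    if proto_len + 2 > len(body):
        raise ValueError("selected_protocol overruns the message")
    pad_len = body[1 + proto_len]
    padding = body[2 + proto_len:]
    if len(padding) != pad_len:
        raise ValueError("padding length does not match remaining bytes")
    return {
        "protocol": body[1:1 + proto_len].decode("ascii"),
        "padding_len": pad_len,
        # Padding length recommended by the NPN draft, hiding the name length.
        "draft_padding_len": 32 - ((proto_len + 2) % 32),
        "padding_all_zero": not any(padding),
    }


def alert_for(raw: bytes, npn_offered_this_handshake: bool):
    """Hypothetical receiver check: alert number to send, or None to accept."""
    parse_next_protocol(raw)  # malformed input raises before the state check
    return None if npn_offered_this_handshake else UNEXPECTED_MESSAGE


if __name__ == "__main__":
    print(parse_next_protocol(DUMP))
    print("alert during renegotiation:", alert_for(DUMP, False))
```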
