> From: [email protected] On Behalf Of Krzysztof Kwiatkowski > Sent: Tuesday, September 10, 2013 05:32
> I've general question about how session renegotiation is initiated. > Are there cases where openSSL library can decide to renegotiate SSL/TLS > session (automatically) or such decision always is driven by the code > that uses openSSL lib? In other words - if I have an applications > (server&client) and those applications never requests renegotiation, > does it mean that SSL/TLS renegotiation will never be done? > If you use SSL-BIO (BIO_f_SSL, BIO_new_ssl, etc) you can set it to automatically renegotiate after a certain amount of data or time. Other than that, OpenSSL only renegotiates when you tell it to or when the other side asks (but not if flag set off or "unsafe-legacy" and option not set on). ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
