Can you share the code you have used for testing?
On Thu, 2014-08-21 at 16:14 +0200, Jay True via RT wrote: > I've tested versions 1.0.0b and 1.0.1i, both have this problem too. > > More specifically, it happens only when the application called SSL_write() > after peer A starts the renegotiation. If SSL_read() is called instead, > those unexpected application data from peer B will be returned. > > According to TLS specification, it should be allowed for peer A to send > application data to peer B even during the renegotiation, by using current > states (instead of pending states) to sign and encrypt. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org