In article <[EMAIL PROTECTED]> you wrote: > Bodo Moeller <[EMAIL PROTECTED]>: > >> If you >> don't want the server to accept any more data from the client after >> the HelloRequest has been sent (which makes sense only if the >> application protocol is synchronized at that moment), then call >> SSL_set_accept_state followed by a second SSL_do_handshake. > > Turns out I was lying: SSL_set_accept_state will reset so much of the > server state that it fails immediately. However, > SSL_set_state(s, SSL_ST_ACCEPT) -- again, followed by SSL_do_handshake > -- should have the desired effect. Yes, look inside mod_ssl's ssl_engine_kernel.c around line 870. There a full renegotiation is forced by the server and the comments in the code give you more hints about the problems. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]