1. Who as in Sender-encrypter or Receiver-decrypter should renegotiate
an SSL session? Can it be both or is it only the Sender? Is there a
document that describes the protocol?
2. Does renegotiation always require SSL handshake? (SSL_do_handshake)
Are they any circumstances where the handshake is not necessary? SSL
renegotiation described @
http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html is a
reference I'm planning to use and it suggest that the handshake is
necessary. Need reconfirmation.
