Hi,

Wanted a clarification on OpenSSL 0.9.8l (CVE-2009-3555 - TLS / SSLv3 Renegotiating vulnerability). When I execute the following

    ./openssl s_client -connect www.testapp.com:8090
    ---
    [snipped... openssl output]
    HEAD / HTTP/1.0
    R
    RENEGOTIATING
    <Enter>

The below output is shown

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Accept-Ranges: bytes
    ETag: W/"7777-1266209541000"
    Last-Modified: Mon, 15 Feb 2010 04:52:21 GMT
    Content-Type: text/html
    Content-Length: 7777
    Date: Wed, 03 Mar 2010 17:44:54 GMT
    Connection: close

What I want to know is if this should output the header details or should that be suppressed also. As per a lot of forums I should get this error

    “28874:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:”

OR

The connection blocks and times out after a while

Could someone please clarify.

--
Thanks & Regards,
Rajat
