You must ensure that the option is set, not cleared.

-Kyle H


On Wed, Jun 4, 2014 at 11:37 PM, Mithun Kumar <mithunsi...@gmail.com> wrote:

> Thanks for the reply.
>
> I am currently resetting the below flag using
> SSL_CTX_clear_options(). Still the handshake fails.
>
> SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
>
> Any inputs?
>
> On Wed, Jun 4, 2014 at 6:57 PM, Salz, Rich <rs...@akamai.com> wrote:
>
>> > Can you please elaborate?
>>
>> One side of your connection, and it could be either the client or the
>> server, is doing the old-style (OpenSSL calls it LEGACY) renegotiation and
>> the other side is rejecting it. One use for renegotiation is to get a
>> client cert, for example.  For information about that, google:
>>
>>       https://www.google.com/search?q=tls+insecure+renegotiation
>>
>> or perhaps just ‘feeling lucky’ and go here:
>>
>>     http://www.digicert.com/news/2011-06-03-ssl-renego.htm
>>
>>
>>
>> --
>>
>> Principal Security Engineer
>>
>> Akamai Technologies, Cambridge, MA
>>
>> IM: rs...@jabber.me; Twitter: RichSalz
>>
>>
>>
>
>
