OK, I understand how V2 backwards compatibility
works - clients send a V2-style ClientHello with
a version of 3.0 or 3.1.  (It's a seriously ugly
aberration, too, but let's not go there right now.)

I saw in Appendix E that "Requests to resume an
SSL 3.0 session should use an SSL 3.0 client hello."

But I looked over the 3.0 spec and also RFC2246
and I didn't see anything about V2 compatibility mode
for renegotiations (or re-handshakes, as Eric calls them
in his book).

I would assume that once the original negotiation
established that the client and server are using
SSL V3 or TLS V1, that the client would no longer
send out V2-style ClientHello messages, therefore
on renegotiation it would use a V3 or newer ClientHello
message format.  This assumption is grounded on
the quote above from Appendix E, even though it
speaks only to resuming a session, not to renegotiating.

But I try not to assume, so I was wondering if anybody
knows for certain.

Tom Biggs

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
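
Added example, not part of the original post or of OpenSSL's code: a sketch of how a receiver can tell the two ClientHello framings discussed above apart from the first bytes and read the version the client offers. The function names and the sample messages are constructed for illustration.

```python
import struct

HANDSHAKE = 22     # SSL 3.0 / TLS record content type
CLIENT_HELLO = 1   # message type value in both V2 and V3 handshakes

def classify_client_hello(data: bytes) -> dict:
    """Identify the ClientHello framing and the version the client offers."""
    if len(data) < 11:
        raise ValueError("too short to be a ClientHello")
    # V2 framing: 2-byte header with the high bit set and a 15-bit length,
    # then msg type, version, and three 16-bit length fields.
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        cs_len, sid_len, ch_len = struct.unpack(">HHH", data[5:11])
        if rec_len != 9 + cs_len + sid_len + ch_len or cs_len % 3:
            raise ValueError("inconsistent V2 ClientHello lengths")
        if len(data) < 2 + rec_len:
            raise ValueError("truncated V2 ClientHello")
        return {"format": "v2", "offered": (data[3], data[4])}
    # V3 framing: 5-byte record header, then a 4-byte handshake header,
    # then client_version.
    if data[0] == HANDSHAKE and data[1] == 3 and data[5] == CLIENT_HELLO:
        rec_len = struct.unpack(">H", data[3:5])[0]
        hs_len = int.from_bytes(data[6:9], "big")
        if hs_len + 4 > rec_len or len(data) < 5 + rec_len:
            raise ValueError("truncated or fragmented V3 ClientHello")
        return {"format": "v3", "offered": (data[9], data[10])}
    raise ValueError("not a ClientHello")

def build_v2_hello(major: int, minor: int) -> bytes:
    """Constructed sample: V2-style hello offering the given version."""
    specs = bytes.fromhex("00000a0700c0")   # two 3-byte cipher specs
    challenge = bytes(range(16))
    body = bytes([CLIENT_HELLO, major, minor])
    body += struct.pack(">HHH", len(specs), 0, len(challenge)) + specs + challenge
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body

def build_v3_hello(major: int, minor: int) -> bytes:
    """Constructed sample: V3-format hello in a single handshake record."""
    body = bytes([major, minor]) + bytes(32)              # client_version, random
    body += b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"   # sid, suites, compression
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, major, minor]) + struct.pack(">H", len(hs)) + hs
```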
