Either side can initiate a renegotiation at any point. It does not matter which side does it. The Server does it by sending a HelloRequest, the Client does it by sending a ClientHello. (When the Client sees a HelloRequest from the server, it responds with a ClientHello if it is willing to renegotiate.)
It is up to the security policies of both sides to determine when a renegotiation/rekey needs to occur. There is no "preferred renegotiator", though it's suggested that requiring that the Server initiate the renegotiation helps reduce the attack surface of prefix-injection attacks. Of course, if both sides are using certificates from the initial negotiation (which is not how Apache forces its configuration to behave), there's no such thing as a prefix-injection attack. (If nothing else, this should underscore the reason to use client certificates.)

-Kyle H

On Tue, Feb 2, 2010 at 7:24 AM, Saju Paul <saju.p...@messageway.com> wrote:
> Thank you Patrick. I'm aware that the SSL Client (SSL_connect) and SSL
> Server (SSL_accept) can renegotiate an SSL session. But my question is should
> the Sender (SSL_write) or the Receiver (SSL_read) do the renegotiation? For
> ex: if the Sender and Receiver decide to renegotiate either at a size (1G)
> or a time (2 minute) boundary, would it not result in two renegotiations at the
> boundary between the server and client? So even if either side can
> renegotiate, is there a preferred renegotiator? Not sure if that is even a
> word, but I hope you know where I'm going with this...
>
> Saju
> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] on Behalf Of Eisenacher, Patrick
> Sent: Tuesday, February 02, 2010 9:07 AM
> To: 'openssl-users@openssl.org'
> Subject: RE: SSL renegotiation clarifications
>
>
> Hi Saju,
>
> -----Original Message-----
> From: Saju Paul
>
> Who, as in Sender-encrypter or Receiver-decrypter, should renegotiate an SSL
> session? Can it be both or is it only the Sender? Is there a document that
> describes the protocol?
> Does renegotiation always require an SSL handshake? (SSL_do_handshake) Are
> there any circumstances where the handshake is not necessary? SSL
> renegotiation described @
> http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html is a
> reference I'm planning to use and it suggests that the handshake is
> necessary. Need reconfirmation.
>
> ---
>
> Renegotiation is part of the SSL/TLS protocol and as such defined exactly
> there. Both client and server can initiate the renegotiation. And yes,
> renegotiation always triggers a new handshake.
>
> Please be aware that a security weakness was discovered lately in this
> renegotiation mechanism. A new TLS extension draft was published to close
> this weakness. Currently, work is ongoing to adapt this extension in the
> relevant security tools.
>
> HTH,
> Patrick
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
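The initiation pattern Kyle describes (server sends HelloRequest, client sends ClientHello) and the double-trigger at a size/time boundary that Saju asks about, as an added model that is not part of this thread and makes no OpenSSL calls: it counts renegotiation attempts under a "both sides may initiate" policy versus a "server only" policy. The Endpoint/simulate names, the client's answer to an unwanted HelloRequest (a no_renegotiation alert, per RFC 5246) and the scaled-down byte/time thresholds are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    role: str            # "server" or "client"
    may_initiate: bool   # local policy: may this side start a renegotiation?
    byte_limit: int      # rekey after this many bytes since the last handshake ...
    time_limit: float    # ... or after this many seconds, whichever comes first
    bytes_since: int = 0
    last_handshake: float = 0.0

    def due(self, now: float) -> bool:
        return (self.bytes_since >= self.byte_limit
                or now - self.last_handshake >= self.time_limit)

    def opening_message(self) -> str:
        # A server asks for a ClientHello via HelloRequest; a client sends ClientHello directly.
        return "HelloRequest" if self.role == "server" else "ClientHello"

    def rekeyed(self, now: float) -> None:
        self.bytes_since = 0
        self.last_handshake = now


def client_reply(msg: str, willing: bool) -> str:
    """What a client answers to a server-initiated renegotiation (RFC 5246)."""
    if msg != "HelloRequest":
        raise ValueError(f"unexpected message: {msg}")
    return "ClientHello" if willing else "no_renegotiation alert"


def simulate(server: Endpoint, client: Endpoint, records):
    """records: (timestamp_seconds, payload_bytes) pairs seen by both peers.
    Returns one (time, initiator, opening message) entry per renegotiation attempt."""
    transcript = []
    for now, size in records:
        for ep in (server, client):
            ep.bytes_since += size
        attempts = [ep for ep in (server, client) if ep.may_initiate and ep.due(now)]
        for ep in attempts:
            transcript.append((now, ep.role, ep.opening_message()))
        if attempts:  # a handshake happened at this boundary; both sides restart their counters
            for ep in (server, client):
                ep.rekeyed(now)
    return transcript


def attempts(server_only: bool):
    """Run the model with a constructed traffic pattern: a byte boundary, then a time boundary."""
    server = Endpoint("server", True, byte_limit=1000, time_limit=120.0)
    client = Endpoint("client", not server_only, byte_limit=1000, time_limit=120.0)
    records = [(10.0, 400), (20.0, 400), (30.0, 400), (200.0, 10)]  # constructed sample
    return simulate(server, client, records)
```

With both sides allowed to initiate, every boundary produces two opening messages; designating the server as the sole initiator halves that and matches the policy Kyle suggests.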