Hi all
I have a client and server that communicate with PSK-AES128-CBC-SHA. In making OpenSSL I selected no-tlsext. What I see is that the client initiates legacy renegotiation and the server supports and accepts it. I did not set SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

Would you think this is expected? Wouldn't it be better for the server to reject this legacy renegotiation?

Best wishes
Alon