It is very simple for a server to tell a client that it does not support secure renegotiation: the server simply should not send the renegotiation_info TLS extension in ServerHello. The client will then know that the server does not support (or does not wish to support) secure renegotiation.
The hard part is doing this with OpenSSL. Currently there is only one way to achieve the desired behaviour: completely disable TLS extensions, which might not be considered acceptable in a particular case. There is a patch implementing the option SSL_OP_DO_NOT_SEND_RI: http://rt.openssl.org/index.html?q=2551 If this option is set on the SSL context, the server will not send the renegotiation_info TLS extension.

On 29 June 2011 23:18, Ritesh Rekhi <rre...@brocade.com> wrote:
> Hi,
>
> I need a little help in implementing RFC 5746 on the server; the RFC is not
> very clear on how to tell clients that the server doesn't support renegotiation.
>
> If anybody knows a way to tell clients that the server doesn't support
> renegotiation, please let me know.
>
> Thanks
>
> Ritesh Rekhi