At substantial risk of beating the proverbial already-dead horse, here're
some questions I have:
- is legitimate Web-client-issued renegotiation observed in real world ? In
other words, do the web browsers of today issue legitimate renegotiation
requests ?
Some of such "legitimate" reasons could
It is safe to assume that both the SNI and NPN callbacks would have been
called _before either call returns success notification ?
In other words, an app would be in "consistent" state - having decided on
both the protocol (say SPDY/HTTP2.0) and possible certificate switch,
before performing any o
