Skip to content
Commit 78b9d134 authored by Matt Caswell's avatar Matt Caswell
Browse files

Stop DTLS servers asking for unsafe legacy renegotiation



If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.

This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(cherry picked from commit d40ec4ab)
parent e8300984
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment