httpd-dev mailing list archives

From William A Rowe Jr <>
Subject Re: Comparing LibreSSL and OpenSSL based on ApacheTest t/ssl results
Date Fri, 17 Jul 2015 14:44:20 GMT

On Fri, Jul 17, 2015 at 9:18 AM, Yann Ylavic <> wrote:

> Attached are the logs from both httpd and s_client, where we can see
> that httpd somehow expects a client certificate during the
> renegotiation (without sending any certificate request...), while
> s_client obviously does not send anything like that (but its key
> exchange).
> I can't explain that... I'd need to debug.
> Does this ring someone's bell?

Sure.  AIUI, LibreSSL stripped out TLS renegotiation as an 'unsafe thing'.

Some of our tests demonstrate per-dir renegotiation for stricter SSL
ciphers or client certs in specific contexts, but this would not be
a supported feature under LibreSSL if I understood their scope changes
correctly.  The test is right, IMHO.

