On Fri, Jul 17, 2015 at 9:18 AM, Yann Ylavic <ylavic.dev@gmail.com> wrote:

> Attached are the logs from both httpd and s_client, where we can see
> that httpd somehow expects a client certificate during the
> renegotiation (without sending any certificate request...), while
> s_client obviously does not send anything like that (but its key
>
> I can't explain that... I'd need to debug.
> Does this ring someone's bell?

Sure.  AIUI, LibreSSL stripped out TLS renegotiation as an 'unsafe thing'.

Some of our tests demonstrate per-dir renegotiation for stricter SSL
ciphers or client certs in specific contexts, but this would not be
a supported feature under LibreSSL if I understood their scope changes
correctly.  The test is right, IMHO.
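
The kind of per-directory mod_ssl setup that the reply above calls "per-dir renegotiation", as an added example that is not part of the original message or of the httpd test suite. The hostname, file paths and location names are assumptions; the directives are standard mod_ssl ones.

```apache
# Constructed example: hostname, paths and locations are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt

    # Policy applied at the initial handshake for the whole virtual host:
    # no client certificate is requested.
    SSLVerifyClient none

    # Per-directory override: a client certificate is required only here.
    # The request path is known only after the initial handshake, so on
    # TLS 1.2 and earlier mod_ssl has to renegotiate in order to send the
    # certificate request for this location.
    <Location "/require-cert">
        SSLVerifyClient require
        SSLVerifyDepth  2
    </Location>

    # Per-directory override: a stricter cipher list than the vhost default.
    # This can likewise force a renegotiation once the request has been read.
    <Location "/strong-ciphers">
        SSLCipherSuite HIGH:!aNULL:!MD5
    </Location>
</VirtualHost>
```

Moving `SSLVerifyClient` and `SSLCipherSuite` to the virtual-host level applies the policy at the initial handshake, so no renegotiation is needed for these locations.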