Query on IE's SSL Renegotiation


Gayathri Sundar-2
Hi there,

Have some queries on the way IE is handling SSL Renegotiation.

1. Whenever IE receives a "Client Cert" req from the Server, say when it
is talking for the 1st time (IE gonna connect to this ssl server for the
very 1st time), it immediately closes the TCP connection abruptly by
sending a FIN..now is this coz of some errors on the Server? The next
connection from IE to the server works fine and the client cert is sent
out and renegotiation is completed on the same TCP connection..what I
further notice is this is happening every time I switch the Server CTX from
"SSL_VERIFY_NONE" to "SSL_VERIFY_PEER" and vice versa..why is there an
extra TCP connection?

2. When there are no client certs configured on the IE, it seems to send
NULL Certificate..I mean I see the "certificate" message go out..but has
ZERO payload length!!!? Can OpenSSL validate this?

3. Once the ssl renegotiation is through, how can the application know
that the renegotiation succeeded and the client cert that was got is
correct?
By manipulating the SSL_OBJ I lose all the previous connection specific
data..

I really don't know why SSL Renegotiation is happening over 2 TCP
connections via IE..anyone experienced this before? Mozilla/Netscape are
working A-OK..

Thanks
--Gayathri

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]