[gnutls-devel] why is gnutls_rehandshake() only for use by servers?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Jan 26 05:51:32 CET 2013
Hi GnuTLS folks--
http://gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005frehandshake
documents gnutls_rehandshake, and it suggests:
> This function will renegotiate security parameters with the
> client. This should only be called in case of a server.
However, the TLS 1.2 RFC section that describes Client Hello seems to
suggest that a client can initiate a re-handshake as well:
https://tools.ietf.org/html/rfc5246#section-7.4.1.2
> The client can also send a ClientHello in response to a HelloRequest
> or on its own initiative in order to renegotiate the security
> parameters in an existing connection.
What should a GnuTLS-based TLS client do if it wants to initiate a
renegotiation?
I'm probably missing something obvious, so please don't be afraid to
spell it out :)
Regards,
--dkg