OpenBSD manual page server

Manual Page Search Parameters

SSL_RENEGOTIATE(3) Library Functions Manual SSL_RENEGOTIATE(3)

SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pendinginitiate a new TLS handshake

#include <openssl/ssl.h>

SSL_renegotiate(SSL *ssl);

SSL_renegotiate_abbreviated(SSL *ssl);

SSL_renegotiate_pending(SSL *ssl);

When called from the client side, () schedules a completely new handshake over an existing TLS connection. The next time an I/O operation such as () or () takes place on the connection, a check is performed to confirm that it is a suitable time to start a renegotiation. If so, a new handshake is initiated immediately. An existing session associated with the connection is not resumed.

This function is automatically called by SSL_read(3) and SSL_write(3) whenever the renegotiation byte count set by BIO_set_ssl_renegotiate_bytes(3) or the timeout set by BIO_set_ssl_renegotiate_timeout(3) are exceeded.

When called from the client side, () is similar to SSL_renegotiate() except that resuming the session associated with the current connection is attempted in the new handshake.

When called from the server side, () and SSL_renegotiate_abbreviated() behave identically. They both schedule a request for a new handshake to be sent to the client. The next time an I/O operation is performed, the same checks as on the client side are performed and then, if appropriate, the request is sent. The client may or may not respond with a new handshake and it may or may not attempt to resume an existing session. If a new handshake is started, it is handled transparently during any I/O function.

If a LibreSSL client receives a renegotiation request from a server, it is also handled transparently during any I/O function. The client attempts to resume the current session in the new handshake. For historical reasons, DTLS clients do not attempt to resume the session in the new handshake.

SSL_renegotiate() and SSL_renegotiate_abbreviated() return 1 on success or 0 on error.

SSL_renegotiate_pending() returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise.

SSL_do_handshake(3), SSL_num_renegotiations(3), SSL_read(3), SSL_write(3)

SSL_renegotiate() is available in all versions of OpenSSL.

March 29, 2017 OpenBSD-6.1