Add ssl_renegotiate_ignore. This option causes clients to ignore HelloRequest messages completely. This can be suitable in cases where a server tries to perform concurrent application data and handshake flow, e.g. because they are trying to “renew” symmetric keys. Change-Id: I2779f7eff30d82163f2c34a625ec91dc34fab548 Reviewed-on: https://boringssl-review.googlesource.com/6431 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>

commit: 27a0d086f7bbf7076270dbeee5e65552eb2eab3a [log] [tgz]
author: Adam Langley <agl@google.com> Tue Nov 03 13:34:10 2015 -0800
committer: Adam Langley <agl@google.com> Tue Nov 03 21:58:13 2015 +0000
tree: 00698a302fc48789c26acbb68fa6cf7a876f5f6f
parent: fa9eb568b07597af5ff75dd2bb8204e40fbfea78 [diff] [blame]
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index c911ad0..ab9e233 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go

@@ -1152,6 +1152,10 @@
 		c.sendAlertLocked(alertLevelError, c.config.Bugs.SendSpuriousAlert)
 	}
 
+	if c.config.Bugs.SendHelloRequestBeforeEveryAppDataRecord {
+		c.writeRecord(recordTypeHandshake, []byte{typeHelloRequest, 0, 0, 0})
+	}
+
 	// SSL 3.0 and TLS 1.0 are susceptible to a chosen-plaintext
 	// attack when using block mode ciphers due to predictable IVs.
 	// This can be prevented by splitting each Application Data
commit	27a0d086f7bbf7076270dbeee5e65552eb2eab3a	[log] [tgz]
author	Adam Langley <agl@google.com>	Tue Nov 03 13:34:10 2015 -0800
committer	Adam Langley <agl@google.com>	Tue Nov 03 21:58:13 2015 +0000
tree	00698a302fc48789c26acbb68fa6cf7a876f5f6f
parent	fa9eb568b07597af5ff75dd2bb8204e40fbfea78 [diff] [blame]