Forbid renego in SSL 3.0. We need to retain a pair of Finished messages for renegotiation_info. SSL 3.0's is actually larger than TLS 1.2's (always 12 bytes). Take renegotiation out in preparation for trimming them to size. Change-Id: I2e238c48aaf9be07dd696bc2a6af75e9b0ead299 Reviewed-on: https://boringssl-review.googlesource.com/11570 Reviewed-by: Adam Langley <agl@google.com>

commit: 34941c0cab2932fcb40652511ab071fc8d050912 [log] [tgz]
author: David Benjamin <davidben@google.com> Sat Oct 08 11:45:31 2016 -0400
committer: Adam Langley <agl@google.com> Sun Oct 09 17:44:54 2016 +0000
tree: 4fedb85eb295a29ab097e5f0e9d92e7cff4931bf
parent: 49ddf41557b893fd0ecc7f44ca8958bded09d55c [diff] [blame]
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 95dbc0d..4599687 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -5689,6 +5689,22 @@
 		},
 	})
 
+	// Renegotiation is not allowed at SSL 3.0.
+	testCases = append(testCases, testCase{
+		name: "Renegotiate-Client-SSL3",
+		config: Config{
+			MaxVersion: VersionSSL30,
+		},
+		renegotiate: 1,
+		flags: []string{
+			"-renegotiate-freely",
+			"-expect-total-renegotiations", "1",
+		},
+		shouldFail:         true,
+		expectedError:      ":NO_RENEGOTIATION:",
+		expectedLocalError: "remote error: no renegotiation",
+	})
+
 	// Stray HelloRequests during the handshake are ignored in TLS 1.2.
 	testCases = append(testCases, testCase{
 		name: "StrayHelloRequest",
commit	34941c0cab2932fcb40652511ab071fc8d050912	[log] [tgz]
author	David Benjamin <davidben@google.com>	Sat Oct 08 11:45:31 2016 -0400
committer	Adam Langley <agl@google.com>	Sun Oct 09 17:44:54 2016 +0000
tree	4fedb85eb295a29ab097e5f0e9d92e7cff4931bf
parent	49ddf41557b893fd0ecc7f44ca8958bded09d55c [diff] [blame]