Client-initiated secure renegotiation

Aki Tuomi aki.tuomi at
Thu Mar 10 11:23:24 UTC 2016

On 10.03.2016 12:40, Osiris wrote:


> That's just the question of Florent: how to disable Secure 
> Client-Initiated Renegotiation. 


There is no way to disable this in OpenSSL, and the CVE you refer to has 
been disputed. Please see and

Without altering OpenSSL sources, secure renegotiations will take place.

Aki Tuomi
Dovecot Oy

More information about the dovecot mailing list