[gnutls-devel] why is gnutls_rehandshake() only for use by servers?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Jan 26 05:51:32 CET 2013

Hi GnuTLS folks--


documents gnutls_rehandshake, and it suggests:

> This function will renegotiate security parameters with the
> client. This should only be called in case of a server.

However, the TLS 1.2 RFC section that describes Client Hello seems to
suggest that a client can initiate a re-handshake as well:


> The client can also send a ClientHello in response to a HelloRequest
> or on its own initiative in order to renegotiate the security
> parameters in an existing connection.

What should a GnuTLS-based TLS client do if it wants to initiate a

I'm probably missing something obvious, so please don't be afraid to
spell it out :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: </pipermail/attachments/20130125/20c12fcf/attachment.pgp>

More information about the Gnutls-devel mailing list