On 7 Jun 2017, at 14:29, Victor Stinner <victor.stinner@gmail.com> wrote:
2017-06-07 10:56 GMT+02:00 Nathaniel Smith <njs@pobox.com>:
Another testing challenge is that the stdlib ssl module has no way to trigger a renegotiation, and therefore there's no way to write tests to check that it properly handles a renegotiation, even though renegotiation is by far the trickiest part of the protocol to get right. (In particular, renegotiation is the only case where attempting to read can give WantWrite and vice-versa.)
Renegociation was the source of a vulnerability in SSL/TLS protocols, so maybe it's a good thing that it's not implemented :-) https://www.rapid7.com/db/vulnerabilities/tls-sess-renegotiation
Renegociation was removed from the new TLS 1.3 protocol: https://tlswg.github.io/tls13-spec/ "TLS 1.3 forbids renegotiation"
Renegotiation remains extremely widely deployed with TLS client certificates in enterprise environments, sadly. Cory