Renegotiation should be a best practice. Trouble is it's been broken (at the protocol level) three times in the last
few years so it's a massive hole in practice.
Ideally we should leave the renegotiate in, and only remove it if configure detects a broken version of TLS.
Personal email. hbhotz@oxy.edu
> On Feb 23, 2015, at 7:01 AM, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
>
> I'd say it is best to wait if and how OpenSSL change their API when they
> implement TLS 1.3.