TWSD-801 Required Secure renegotiation option in SSL RealHost // AS-10207// SIDRA
Review Request #1291 — Created Jan. 7, 2026 and submitted — Latest diff uploaded
| Information | |
|---|---|
| peteryeh | |
| APV10 | |
| rel_apv_10_7_4 | |
| TWSD-801 | |
| Reviewers | |
| kevin.poh, mingji, weikai | |
Root cause:
APV SSL client not accept renegotiation for real host side.Solution: * Make ssl_client parse renegotiation extension of TLSv1.2 handshake packets from backend TLS Server (using OpenSSL s_server to init renegotiation) * Need to use AES_256_GCM_SHA384 as first cipher of rhost (legacy)
OpenSSL s_server as backend server with curl as front-end client.