Disable renegotiation by default in example cli/srv
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 3b8dec7..eb48eb1 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -54,7 +54,7 @@
#define DFL_PSK ""
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_FORCE_CIPHER 0
-#define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED
+#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
#define DFL_RENEGOTIATE 0
#define DFL_MIN_VERSION -1
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7a23e77..4bb457c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -73,7 +73,7 @@
#define DFL_PSK ""
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_FORCE_CIPHER 0
-#define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED
+#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
#define DFL_RENEGOTIATE 0
#define DFL_MIN_VERSION -1
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2ec39b7..60efe8d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -496,8 +496,8 @@
-S "write hello request"
run_test "Renegotiation #1 (enabled, client-initiated)" \
- "$P_SRV debug_level=4" \
- "$P_CLI debug_level=4 renegotiate=1" \
+ "$P_SRV debug_level=4 renegotiation=1" \
+ "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \
0 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
@@ -509,8 +509,8 @@
-S "write hello request"
run_test "Renegotiation #2 (enabled, server-initiated)" \
- "$P_SRV debug_level=4 renegotiate=1" \
- "$P_CLI debug_level=4" \
+ "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \
+ "$P_CLI debug_level=4 renegotiation=1" \
0 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
@@ -522,8 +522,8 @@
-s "write hello request"
run_test "Renegotiation #3 (enabled, double)" \
- "$P_SRV debug_level=4 renegotiate=1" \
- "$P_CLI debug_level=4 renegotiate=1" \
+ "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \
+ "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \
0 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
@@ -536,7 +536,7 @@
run_test "Renegotiation #4 (client-initiated, server-rejected)" \
"$P_SRV debug_level=4 renegotiation=0" \
- "$P_CLI debug_level=4 renegotiate=1" \
+ "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \
1 \
-c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
@@ -548,7 +548,7 @@
-S "write hello request"
run_test "Renegotiation #5 (server-initiated, client-rejected)" \
- "$P_SRV debug_level=4 renegotiate=1" \
+ "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=4 renegotiation=0" \
0 \
-C "client hello, adding renegotiation extension" \