Sets how this behaves with respect to rehandshaking requests.
g_tls_rehandshake_never means that it will never agree to rehandshake after the initial handshake is complete. (For a client, this means it will refuse rehandshake requests from the server, and for a server, this means it will close the connection with an error if the client attempts to rehandshake.)
g_tls_rehandshake_safely means that the connection will allow a rehandshake only if the other end of the connection supports the TLS `renegotiation_info` extension. This is the default behavior, but means that rehandshaking will not work against older implementations that do not support that extension.
g_tls_rehandshake_unsafely means that the connection will allow rehandshaking even without the `renegotiation_info` extension. On the server side in particular, this is not recommended, since it leaves the server open to certain attacks. However, this mode is necessary if you need to allow renegotiation with older client software.
this | |
mode |
the rehandshaking mode |