diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 19f256dc..283f22c3 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -802,7 +802,7 @@ static int ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, #endif if (!ok) { OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH); - *out_alert = SSL_AD_ILLEGAL_PARAMETER; + *out_alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } ssl->s3->send_connection_binding = 1; diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index c5f99715..a3d9139a 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -7047,6 +7047,7 @@ func addRenegotiationTests() { flags: []string{"-renegotiate-freely"}, shouldFail: true, expectedError: ":RENEGOTIATION_MISMATCH:", + expectedLocalError: "handshake failure", }) testCases = append(testCases, testCase{ name: "Renegotiate-Client-BadExt", @@ -7060,6 +7061,7 @@ func addRenegotiationTests() { flags: []string{"-renegotiate-freely"}, shouldFail: true, expectedError: ":RENEGOTIATION_MISMATCH:", + expectedLocalError: "handshake failure", }) testCases = append(testCases, testCase{ name: "Renegotiate-Client-BadExt2", @@ -7073,6 +7075,7 @@ func addRenegotiationTests() { flags: []string{"-renegotiate-freely"}, shouldFail: true, expectedError: ":RENEGOTIATION_MISMATCH:", + expectedLocalError: "handshake failure", }) testCases = append(testCases, testCase{ name: "Renegotiate-Client-Downgrade", @@ -7086,6 +7089,7 @@ func addRenegotiationTests() { flags: []string{"-renegotiate-freely"}, shouldFail: true, expectedError: ":RENEGOTIATION_MISMATCH:", + expectedLocalError: "handshake failure", }) testCases = append(testCases, testCase{ name: "Renegotiate-Client-Upgrade", @@ -7099,6 +7103,7 @@ func addRenegotiationTests() { flags: []string{"-renegotiate-freely"}, shouldFail: true, expectedError: ":RENEGOTIATION_MISMATCH:", + expectedLocalError: "handshake failure", }) testCases = append(testCases, testCase{ name: "Renegotiate-Client-NoExt-Allowed",