Recognizing a Request to Renegotiate a Connection
The DecryptMessage (General) function traps requests for renegotiation coming from the message sender. It notifies your application by decrypting the message data and returning the SEC_I_RENEGOTIATE value.
Your application must handle such requests by calling AcceptSecurityContext (General) (servers) or InitializeSecurityContext (General) (clients) and passing the contents of SECBUFFER_EXTRA returned from DecryptMessage in the SECBUFFER_TOKEN. After this initial call returns a value, proceed as though your application were creating a new connection.