AnsweredAssumed Answered

Client Side Negotiation

Question asked by Akash Jain on Jan 11, 2013

Hi All,

 

I have -MultiViews set and SSLInsecureNegotation off ( in ifmodule of mod_ssl.c) in Apache.

 

But still vulnerability report says I am vulnerable to client side negotiation and "This server is vulnerable to MITM attacks because it supports insecure renegotiation".

 

Any pointers ?

 

The same configuration works on our TEST environments. THe only difference is the build release versions.

 

The systems where it is vulnerable has 31 around release build and in our TEST environment we have 53 release build version)

 

All on apache 2.2.3 (Oracle provided)

 

Thanks !

Outcomes