
How to Disable Insecure Client-Renegotiation in Apache

Question asked by Robert Ordinario on Jan 15, 2015
Latest reply on Jan 15, 2015 by Adm Selec

Hi all,

On one of the servers I am testing, the Qualys SSL Labs Server Test results show:

Secure Renegotiation: Not supported   ACTION NEEDED (more info)
Secure Client-Initiated Renegotiation: No
Insecure Client-Initiated Renegotiation: Supported   INSECURE (more info)


Can someone please advise on where the Secure Renegotiation and Insecure Client-Initiated Renegotiation can be disabled?

The server is running on Apache/httpd v 2.0.59 and OpenSSL version 1.0.1e.

I was trying to find something similar to the SSLInsecureRenegotiation directive, but it is only available on versions of Apache v.2.0.64 and later.

Thanks in advance for your help.
