On one of the servers I am testing, The Qualys SSL Labs Server Test results show
|Secure Renegotiation||Not supported ACTION NEEDED (more info)|
|Secure Client-Initiated Renegotiation||No|
|Insecure Client-Initiated Renegotiation||Supported INSECURE (more info)|
Can someone please advise on where can the Secure Renegotiation and Insecure Client-Initiated Renegotiation be disabled?
The server is running on Apache/httpd v 2.0.59 and Open SSL version 1.0.1e.
I was trying to find something similar to the SSLInsecureRenegotiation directive but it is only available on versions of Apache v.2.0.64 and later.
Thanks in advance for your help.