AnsweredAssumed Answered

Insecure Client-Initiated Renegotiation checked wrong?

Question asked by Johannes Michler on Dec 1, 2016
Latest reply on Dec 1, 2016 by Bhushan Lokhande

when checking our server we see "Insecure Client-Initiated Renegotiation"=Supported. Though when checking the very same server with a recent OpenSSL Version it shows that the server supports secure renegotiation. When checking with OpenSSL 0.9.8h (which doesn't support secure client-initiated Renegotiation) on an attempt to re-negotiate the connection is closed. So how exactly is qualys /ssllab checking our server? How can I reproduce on our side in order to talk to the server software vendor (Oracle HTTP Server)

Outcomes