AnsweredAssumed Answered

How to disable Insecure Client-Initiated Renegotiation in IIS8

Question asked by David Lee on Apr 15, 2014
Latest reply on Apr 16, 2014 by Olivier

Hello all,


So I have been doing some testing today and noticed that I get the following results when I test my site. 


Secure RenegotiationNot supported   ACTION NEEDED (more info)
Secure Client-Initiated RenegotiationNo
Insecure Client-Initiated RenegotiationSupported   INSECURE (more info)



I am not the person that programmed the website.  Whats odd, is that I have a second website that was programmed from an outside source which tests fine and both run on the same web server.  Are these settings controlled by IIS or in the coding of the website itself?  If they are in the coding, where can I look to find the switches or coding for them so I can change it?  I know this has probably been asked a lot, so I thank you for your patience and understanding.