AnsweredAssumed Answered

How to Disable Insecure Client-Renegotiation in Apache

Question asked by Robert Ordinario on Jan 15, 2015
Latest reply on Jan 15, 2015 by Adm Selec

Hi all,


On one of the servers I am testing, The Qualys SSL Labs Server Test results show


Secure RenegotiationNot supported   ACTION NEEDED (more info)
Secure Client-Initiated RenegotiationNo
Insecure Client-Initiated RenegotiationSupported   INSECURE (more info)

Can someone please advise on where can the Secure Renegotiation and Insecure Client-Initiated Renegotiation be disabled?


The server is running on Apache/httpd v 2.0.59 and Open SSL version 1.0.1e.


I was trying to find something similar to the SSLInsecureRenegotiation directive but it is only available on versions of Apache v.2.0.64 and later.


Thanks in advance for your help.