Date: Sat, 9 Feb 2013 20:09:50 +0100
From:
dbucherml@xxxxxxxxxxxxx
To:
users@xxxxxxxxxxxxxxxx
Subject: Very confused about Re-negotiation
request failed (and SSLInsecureRenegotiation)
Dear all,
Many users (but not all) are complaining that they can't
access our SSL webserver.
After some research I found two kind of error in apache
logs :
a) Re-negotiation request failed / SSL Library Error:
336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe
legacy renegotiation disabled
b) Re-negotiation handshake failed: Not accepted by
client!?
At first I really don't understand at all why this could
happen ?
And secondly, I found some advices to add the "
SSLInsecureRenegotiation
on" option. Is it a solution, and is it only for very
old browsers or can it be required for still in use
browsers ?
Thanks in advance for some help or any hint :-)
Best regards,
Denis