httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Denis BUCHER (lists)" <dbuche...@hsolutions.ch>
Subject Re: [users@httpd] Very confused about Re-negotiation request failed (and SSLInsecureRenegotiation)
Date Tue, 12 Feb 2013 11:54:23 GMT
Dear Ed,

What's surprising me is that I got more than 10% of users complaining 
they can't access our webserver. Are so many people equipped with 
outdated browsers ?

Denis

Le 11.02.2013 09:33, Edward Quick a écrit :
> Hi Denis,
> I've been through exactly the same situation. There isn't anything you 
> can do from the apache side to fix this apart from enabling insecure 
> renegotiation, but you shouldn't.
>
> The customers have to fix their end by possibly upgrading to a later 
> browser in the case of FF/Chrome.
>
> Assuming your customers are on Windows, and using IE8 or below, then 
> apply http://support.microsoft.com/kb/980436. Windows SP3 is a 
> prerequisite.
>
> Hope this helps,
> Ed.
>
> ------------------------------------------------------------------------
> Date: Sat, 9 Feb 2013 20:09:50 +0100
> From: dbucherml@hsolutions.ch
> To: users@httpd.apache.org
> Subject: [users@httpd] Very confused about Re-negotiation request 
> failed (and SSLInsecureRenegotiation)
>
> Dear all,
>
> Many users (but not all) are complaining that they can't access our 
> SSL webserver.
>
> After some research I found two kind of error in apache logs :
> a) Re-negotiation request failed / SSL Library Error: 336068931 
> error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation 
> disabled
> b) Re-negotiation handshake failed: Not accepted by client!?
>
> At first I really don't understand at all why this could happen ?
>
> And secondly, I found some advices to add the 
> "|SSLInsecureRenegotiation on" option. Is it a solution, and is it 
> only for very old browsers or can it be required for still in use 
> browsers ?
>
> Thanks in advance for some help or any hint :-)
>
> Best regards,
>
> |Denis
>


Mime
View raw message