httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edward Quick <edwardqu...@hotmail.com>
Subject RE: [users@httpd] Very confused about Re-negotiation request failed (and SSLInsecureRenegotiation)
Date Tue, 12 Feb 2013 12:25:08 GMT
That doesn't surprise me to be honest. I would say it was a similar number in my case as  
well, It's a tricky one to manage because it's not easy to explain to customers.I tried to
find an alternative solution but there wasn't one, and so passed the problem back to the customers/windows
admins to fix. 

Date: Tue, 12 Feb 2013 12:54:23 +0100
From: dbucherml@hsolutions.ch
To: users@httpd.apache.org
Subject: Re: [users@httpd] Very confused about Re-negotiation request failed (and SSLInsecureRenegotiation)


  
    
  
  
    Dear Ed,

      

      What's surprising me is that I got more than 10% of users
      complaining they can't access our webserver. Are so many people
      equipped with outdated browsers ?

      

      Denis

      

      Le 11.02.2013 09:33, Edward Quick a écrit :

    
    
      
      Hi Denis,
        I've been through exactly the same situation. There isn't
          anything you can do from the apache side to fix this apart
          from enabling insecure renegotiation, but you shouldn't.
        

        
        The customers have to fix their end by possibly upgrading
          to a later browser in the case of FF/Chrome. 
        

        
        Assuming your customers are on Windows, and using IE8 or
          below, then apply http://support.microsoft.com/kb/980436.
          Windows SP3 is a prerequisite.
        

        
        Hope this helps,
        Ed.

          

            
              Date: Sat, 9 Feb 2013 20:09:50 +0100

              From: dbucherml@hsolutions.ch

              To: users@httpd.apache.org

              Subject: [users@httpd] Very confused about Re-negotiation
              request failed (and SSLInsecureRenegotiation)

              

              Dear all,

              

              Many users (but not all) are complaining that they can't
              access our SSL webserver.

              

              After some research I found two kind of error in apache
              logs :

              a) Re-negotiation request failed / SSL Library Error:
              336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe
              legacy renegotiation disabled

              b) Re-negotiation handshake failed: Not accepted by
              client!?

              

              At first I really don't understand at all why this could
              happen ?

              

              And secondly, I found some advices to add the "SSLInsecureRenegotiation

                on" option. Is it a solution, and is it only for very
                old browsers or can it be required for still in use
                browsers ?

                

                Thanks in advance for some help or any hint :-)

                

                Best regards,

                

              Denis

              

            
          
        
      
    
    
 		 	   		  
Mime
View raw message