Return-Path: Delivered-To: apmail-community-archive@www.apache.org Received: (qmail 59532 invoked from network); 9 Apr 2011 22:33:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 9 Apr 2011 22:33:48 -0000 Received: (qmail 60020 invoked by uid 500); 9 Apr 2011 22:33:48 -0000 Delivered-To: apmail-community-archive@apache.org Received: (qmail 59780 invoked by uid 500); 9 Apr 2011 22:33:47 -0000 Mailing-List: contact community-help@apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: community@apache.org List-Id: Delivered-To: mailing list community@apache.org Received: (qmail 59773 invoked by uid 99); 9 Apr 2011 22:33:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Apr 2011 22:33:47 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sebbaz@gmail.com designates 209.85.220.178 as permitted sender) Received: from [209.85.220.178] (HELO mail-vx0-f178.google.com) (209.85.220.178) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Apr 2011 22:33:41 +0000 Received: by vxc11 with SMTP id 11so4759483vxc.23 for ; Sat, 09 Apr 2011 15:33:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=p80hv7TIFL8RpkCABgd/Sn//HPaK/alHIDqnB8zDGBE=; b=CnxSN/zns3AIlXbCHBUXrmLXT7+kv7pgU7dwofvwWD5jK4X/v9dACs29TwCyps/PID DI6/i2Zw381Wh5knXNotvsMgW0yokAAzS30/3w60YQQfDkokQZPfr+i9Q1KSf2lVj6bU m7qvuzFTR/qi98bn0dhQj3K+OA4UzeiGeiAkk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=W2AnyIPy30K+Aw89RYr3IHroQ5wX3bET/nJDresU9pmAIc21awGaftT8+v5qKQ3GA9 +qq/lZAXvCF/cBpMBykHY5+Si+PrOsY0XJw1b91eYNkIp/w/GixeqvenhcKq29Fh70p2 FZOWFYwLFjkowBQRb6hJPjMAT5E6Qzu1w3S7s= MIME-Version: 1.0 Received: by 10.52.67.105 with SMTP id m9mr1526281vdt.126.1302388400632; Sat, 09 Apr 2011 15:33:20 -0700 (PDT) Received: by 10.220.95.210 with HTTP; Sat, 9 Apr 2011 15:33:20 -0700 (PDT) In-Reply-To: References: Date: Sat, 9 Apr 2011 23:33:20 +0100 Message-ID: Subject: Re: Disabling client initiated renegotiation From: sebb To: community@apache.org Content-Type: text/plain; charset=ISO-8859-1 On 9 April 2011 22:48, Chris Hill wrote: > Hi all, > > My company relies on Apache for a number of customer facing sites. What's a > reliable way to disable client initiated renegotiation (both secure and > insecure renegotiation)?. I know one specific openssl library (l) disables > this, but then later ones enable "secure" renegotiation, which we need to > disable. > > Ideally, I'd like a solution through an configuration parameter so that > future versions/upgrades do not re-enable renegotiation. If you are referring to Apache httpd, that sounds like a question for the httpd user mailing list [A]. Or if you are using Apache Tomcat, its user list [T] is the place to ask such questions. [A] http://httpd.apache.org/lists.html [T] http://tomcat.apache.org/lists.html --------------------------------------------------------------------- To unsubscribe, e-mail: community-unsubscribe@apache.org For additional commands, e-mail: community-help@apache.org