rejecting client initiated renegotiation

A TLS client attempted to renegotiate the session after the handshake. Apache/mod_ssl rejects client-initiated renegotiation by default as a defence against the TLS renegotiation attack (CVE-2009-3555).

References

httpd.apache.org/docs/current/mod/mod_ssl.html
nvd.nist.gov/vuln/detail/CVE-2009-3555

In this namespace

← previous AH02292 Cannot start SSL without certificate and private key

— end of namespace —

AH00492 AH00494 AH00558 AH01630 AH02292 AH02572