Hi all, My company relies on Apache for a number of customer facing sites. What's a reliable way to disable client initiated renegotiation (both secure and insecure renegotiation)?. I know one specific openssl library (l) disables this, but then later ones enable "secure" renegotiation, which we need to disable.
Ideally, I'd like a solution through an configuration parameter so that future versions/upgrades do not re-enable renegotiation. Thanks for your help. Regards, Chris.