On 9 April 2011 22:48, Chris Hill <chris.hill...@gmail.com> wrote: > Hi all, > > My company relies on Apache for a number of customer facing sites. What's a > reliable way to disable client initiated renegotiation (both secure and > insecure renegotiation)?. I know one specific openssl library (l) disables > this, but then later ones enable "secure" renegotiation, which we need to > disable. > > Ideally, I'd like a solution through an configuration parameter so that > future versions/upgrades do not re-enable renegotiation.
If you are referring to Apache httpd, that sounds like a question for the httpd user mailing list [A]. Or if you are using Apache Tomcat, its user list [T] is the place to ask such questions. [A] http://httpd.apache.org/lists.html [T] http://tomcat.apache.org/lists.html --------------------------------------------------------------------- To unsubscribe, e-mail: community-unsubscr...@apache.org For additional commands, e-mail: community-h...@apache.org