Getting SSL error message "unsafe legacy renegotiation disabled" with mod_ssl in Apache

Solution Unverified - Updated -

Issue

  • I see the following error being logged in my SSL error logs:
[debug] ssl_engine_kernel.c(1845): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1853): OpenSSL: Loop: before accept initialization
[debug] ssl_engine_kernel.c(1863): OpenSSL: Write: SSLv3 read client hello C
[debug] ssl_engine_kernel.c(1882): OpenSSL: Exit: error in SSLv3 read client hello C
[info] [client 192.168.101.1] SSL library error 1 reading data
[info] SSL Library Error: 336781650 error:1412E152:SSL routines:SSL_PARSE_CLIENTHELLO_TLSEXT:unsafe legacy renegotiation disabled
[info] SSL Library Error: 336109795 error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext

Environment

  • Apache HTTPD
  • JBoss Enterprise Web Server (EWS)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content