Getting SSL error message "unsafe legacy renegotiation disabled" with mod_ssl in Apache
Issue
- I see the following error being logged in my SSL error logs:
[debug] ssl_engine_kernel.c(1845): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1853): OpenSSL: Loop: before accept initialization
[debug] ssl_engine_kernel.c(1863): OpenSSL: Write: SSLv3 read client hello C
[debug] ssl_engine_kernel.c(1882): OpenSSL: Exit: error in SSLv3 read client hello C
[info] [client 192.168.101.1] SSL library error 1 reading data
[info] SSL Library Error: 336781650 error:1412E152:SSL routines:SSL_PARSE_CLIENTHELLO_TLSEXT:unsafe legacy renegotiation disabled
[info] SSL Library Error: 336109795 error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext
Environment
- Apache HTTPD
- JBoss Enterprise Web Server (EWS)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.