SSLPermitClientRenegotiation
Boolean
true
Purpose
The SSLPermitClientRenegotiation parameter specifies whether an application server permits an SSL thin client to renegotiate a connection. By setting the parameter to true, you are:
-
Complying with Payment Card Industry (PCI) checks regarding overcoming vulnerability to CVE‑2009‑3555‑based attacks
-
Protecting against Denial of Service (DoS) attacks
If the parameter is set to false, any client-initiated renegotiation causes the network connection to be dropped.
An additional log message has been added to log the build version of OpenSSL and the version of the OpenSSL library DLLs used (that is, ssleay32.dll and libeay32.dll).
To support secure client renegotiations, you require a minimum version of 1.0.2g of the OpenSSL libraries.
Parameter is read when …
The first SSL connection is made.
