SSLPermitClientRenegotiation

Boolean

true

Purpose

The SSLPermitClientRenegotiation parameter specifies whether an application server permits an SSL thin client to renegotiate a connection. By setting the parameter to true, you are:

• Complying with Payment Card Industry (PCI) checks regarding overcoming vulnerability to CVE‑2009‑3555‑based attacks

• Protecting against Denial of Service (DoS) attacks

If the parameter is set to false, any client-initiated renegotiation causes the network connection to be dropped.

A message is added to log the build version of OpenSSL and the version of the OpenSSL DLLs used. The names of the OpenSSL libraries for:

• OpenSSL 1.0.2 are ssleay32.dll and libeay32.dll.

• OpenSSL 3 or higher are libssl‑3‑x64.dll and libcrypto‑3‑x64.dll for 64‑bit and libssl‑3.dll and libcrypto‑3.dll for 32‑bit, respectively.

Parameter is read when …

The first SSL connection is made.