Topic: Enabling Secure Client-Initiated Renegotiation
gijs
Joined: 27 Apr 2012 Posts: 189 Location: The Netherlands
James Blond Moderator

Joined: 19 Jan 2006 Posts: 7402 Location: EU, Germany, Next to Hamburg
gijs
Joined: 27 Apr 2012 Posts: 189 Location: The Netherlands
Posted: Tue 15 Mar '16 19:34
I'm using Apache 2.4.18 from this PPA: https://launchpad.net/~ondrej/+archive/ubuntu/apache2 on Ubuntu 15.10
SSL labs reports:
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
gijs
Joined: 27 Apr 2012 Posts: 189 Location: The Netherlands
Posted: Tue 15 Mar '16 23:46
I've checked the openssl version which appears to be:
OpenSSL 1.0.2g 1 Mar 2016
Another thing I've noticed is that next protocol negotiation appears to be disabled according to ssllabs.
Although the site also reports that some browsers (e.g. Edge, Firefox and Chrome) use H2. (TLS 1.2 > h2)
IE11 reports: TLS 1.2 > http/1.1
Code:
<IfModule http2_module>
    ProtocolsHonorOrder On
    Protocols h2 http/1.1
    H2Direct on
</IfModule>
Not sure why there is no next protocol negotiation reported. Perhaps because the server supports ALPN?