One of our clients complains that he cannot access our ssl web server. We use Ubuntu 12.04, Apache 2.2.22, and our version of OpenSSL is 1.0.1. The Apache error log says the following:
[error] [client xxx.xxx.xxx.xxx] Re-negotiation request failed
[error] SSL Library Error: 336068946 error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
According to the Apache access log, they use very old browsers. I read that adding the options "SSLVerifyClient optional" and "SSLInsecureRenegotiation on" fixes this problem. However, the Apache error log still gives us this error.
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
....
....
SSLVerifyClient optional
SSLInsecureRenegotiation on
</VirtualHost>
Is there something wrong with our virtualhost configuration? Since our client will not correct this at the end, is there anything else we could try besides this?
source
share