How to Disable SSL and TLS Renegotiation Starting in iPlanet Web Server
Last updated on JUNE 13, 2017
Applies to: Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.
Although this document is directed towards iPlanet Web Server 7.0, it is also applicable to 6.1.
Web Server 6.1 SP12 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability CVE-2009-3555. Additionally, Web Server 6.1 SP12 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.
Web Server 6.1 SP13 includes NSS 3.12.7, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 6.1 SP13 re-enables use of SSL/TLS renegotiation.
This document explains how to disable SSL and TLS renegotiation.