How to Disable SSL and TLS Renegotiation Starting in iPlanet Web Server (Doc ID 1395601.1)

Last updated on JUNE 13, 2017

Applies to:

Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.
Although this document is directed towards iPlanet Web Server 7.0, it is also applicable to 6.1.

Web Server 6.1 SP12 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability CVE-2009-3555. Additionally, Web Server 6.1 SP12 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.
Web Server 6.1 SP13 includes NSS 3.12.7, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 6.1 SP13 re-enables use of SSL/TLS renegotiation.

Goal

This document explains how to disable SSL and TLS renegotiation.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms