How to Disable SSL and TLS Renegotiation Starting in iPlanet Web Server
(Doc ID 1395601.1)
Last updated on OCTOBER 17, 2018
Applies to:Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.
Although this document is directed towards iPlanet Web Server 7.0, it is also applicable to 6.1.
Web Server 6.1 SP12 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability CVE-2009-3555. Additionally, Web Server 6.1 SP12 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.
Web Server 6.1 SP13 includes NSS 3.12.7, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 6.1 SP13 re-enables use of SSL/TLS renegotiation.
This document explains how to disable SSL and TLS renegotiation.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|Confirming SSL/TLS Renegotiation is Disabled:|