Sslrequiresafenegotiate Option

Introduced in release: 7.0.5

Setting the sslrequiresafenegotiate base option requires all SSL/TLS peers to implement safe SSL re-negotiation as specified in RFC 5746. In late 2009, an attack against the SSL/TLS protocol was discovered that makes any client that does not require secure re-negotiation insecure when talking to almost any SSL/TLS server that implements pre-5746 re-negotiation. While our servers are safe from the attack once the NSS 3.12.5 or later patch is installed, this option causes the server to refuse to talk to SSL/TLS clients unless those clients have also been upgraded to be safe from the attack. This feature can be helpful at a security-sensitive site to detect clients that need to be upgraded to improve site security.

The default value is: 0
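
To show what "implementing RFC 5746" looks like on the wire, the following added example (not code from this product or from NSS) parses a ClientHello body and reports whether the client signals safe re-negotiation, either with the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value or with the renegotiation_info extension. The function names and the sample messages are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO_EXT = 0xFF01  # RFC 5746 "renegotiation_info" extension type
EMPTY_RENEG_INFO_SCSV = 0x00FF   # TLS_EMPTY_RENEGOTIATION_INFO_SCSV value

def client_signals_rfc5746(hello: bytes) -> bool:
    """True if a ClientHello body (starting at client_version) carries the
    SCSV or the renegotiation_info extension; ValueError if malformed."""
    try:
        pos = 2 + 32                              # client_version + random
        pos += 1 + hello[pos]                     # session_id
        (cs_len,) = struct.unpack_from("!H", hello, pos)
        pos += 2
        if cs_len % 2:
            raise ValueError("odd cipher_suites length")
        suites = struct.unpack_from("!%dH" % (cs_len // 2), hello, pos)
        pos += cs_len
        if EMPTY_RENEG_INFO_SCSV in suites:
            return True
        pos += 1 + hello[pos]                     # compression_methods
        if pos > len(hello):
            raise ValueError("truncated compression_methods")
        if pos == len(hello):                     # no extensions block at all
            return False
        (ext_total,) = struct.unpack_from("!H", hello, pos)
        pos += 2
        ext_end = pos + ext_total
        if ext_end > len(hello):
            raise ValueError("extensions overrun message")
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            if ext_type == RENEGOTIATION_INFO_EXT:
                return True
            pos += 4 + ext_len
        return False
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def build_hello(suites, extensions=()):
    """Constructed sample ClientHello body (not captured traffic)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"      # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                           # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return body

LEGACY = build_hello([0x002F, 0x0035])            # pre-5746 client
WITH_SCSV = build_hello([0x002F, 0x00FF])         # signals via SCSV
WITH_EXT = build_hello([0x002F], [(0x0023, b""), (0xFF01, b"\x00")])
```

A client whose hello looks like LEGACY is the kind that is refused when the option is enabled and needs to be upgraded.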

See also:
 * Base options