The error message received when attempting to access myserver.myhost.com via the openssl s_client command indicates that the server does not support legacy renegotiation. The error can be resolved by enabling the UnsafeLegacyRenegotiation option on the server; however, it is important to understand the underlying issue to ensure a secure connection.

The command being used to access the server is:

    openssl s_client -connect myserver.myhost.com:443

The response received is:

    CONNECTED(00000003)
    80BBF425D37F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../ssl/statem/extensions.c:879:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 3058 bytes and written 336 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1687542368
        Timeout : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no
    ---

Browser access to myserver.myhost.com does not generate any warnings, suggesting the underlying issue is related to the

To resolve the issue, it is necessary to enable the UnsafeLegacyRenegotiation option on the server. However, understanding the underlying issue is important to ensure a secure connection.
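
Reading the s_client transcript field by field shows what actually failed and which lines are only placeholders. The Python below is an added example, not part of the original page: parse_s_client, findings and the abridged SAMPLE are names constructed here, and it assumes the one-field-per-line layout that openssl s_client prints.

```python
import re
import sys

# Constructed sample: the transcript quoted on this page, abridged, one field per line.
SAMPLE = """\
CONNECTED(00000003)
80BBF425D37F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../ssl/statem/extensions.c:879:
no peer certificate available
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
"""

ERROR_RE = re.compile(r"^[0-9A-F]+:error:([0-9A-F]{8}):([^:\n]*):([^:\n]*):([^:\n]*):", re.M)
FIELD_RE = re.compile(r"^[ \t]*(Protocol|Cipher)[ \t]*:[ \t]*(\S+)", re.M)
RENEG_RE = re.compile(r"^Secure Renegotiation IS( NOT)? supported", re.M)

def parse_s_client(text):
    """Pull out the fields needed to triage a failed s_client handshake."""
    info = {"errors": [], "secure_renegotiation": None}
    for code, _lib, func, reason in ERROR_RE.findall(text):
        info["errors"].append({"code": code, "func": func, "reason": reason})
    m = RENEG_RE.search(text)
    if m:
        info["secure_renegotiation"] = m.group(1) is None
    for key, value in FIELD_RE.findall(text):
        info[key.lower()] = value
    # Cipher 0000 means no suite was agreed, so the handshake never finished.
    info["handshake_completed"] = info.get("cipher") not in (None, "0000")
    # Without a peer certificate nothing was verified, whatever "Verification: OK" says.
    info["certificate_checked"] = "no peer certificate available" not in text
    return info

def findings(info):
    out = []
    if any(e["reason"] == "unsafe legacy renegotiation disabled" for e in info["errors"]):
        out.append("client aborted: server offers no secure renegotiation (RFC 5746)")
    if not info["handshake_completed"]:
        out.append("no cipher negotiated: session fields are placeholders")
    if not info["certificate_checked"]:
        out.append("no certificate received: 'Verification: OK' is not a trust result")
    return out

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(findings(parse_s_client(text))))
```

To check a live host, pipe the output of openssl s_client (with stderr merged into stdout) into the script; run without piped input, it analyses the embedded sample.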