My application is deployed in JBoss 6.1.0 AS and uses java version "1.7.0_40".
After a vulnerability scan, I was advised to disable TLS renegotiation.
If I connect with OpenSSL (version OpenSSL 1.0.1 14 Mar 2012) I get:
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
If I try to renegotiate, I receive an error in openssl and the following exception is printed in my server console log:
WARN [org.apache.tomcat.util.net.jsse.JSSESocketFactory] SSL renegotiation is disabled, closing connection
If connecting with sslyze I get:
Session Renegotiation:
Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
Secure Renegotiation: OK - Supported
The same WARN is displayed if I try to renegotiate using sslyze.
How can I disable TLS client-initiated renegotiation? Or is it already disabled by default, given that I receive the above-mentioned WARN every time I try to renegotiate?