Client-initiated renegotiation of the TLS/SSL connection

arildb Jun 25, 2018 9:22 AM

How can we avoid client-initiated renegotiation of the TLS/SSL connection in Wildfly 11?

I have tried to add -Dsun.security.ssl.allowUnsafeRenegotiation=false -Dsun.security.ssl.allowLegacyHelloMessages=false -Dsun.security.ssl.allowUnsafeLegacyRenegotiation=false, but scanning still tells that vi have a vulerability on this.

1. Re: Client-initiated renegotiation of the TLS/SSL connection

arildb Jun 29, 2018 3:20 AM (in response to arildb)

I got it to work using setting jdk.tls.rejectClientInitiatedRenegotiation=true.
Actions