Extended renegotiation critical mode

Edit online

This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions.

This application definition field determines whether the application requires the peer provide the RFC 5746 renegotiation indication during the initial handshake.

For more information, see TLS Extended Renegotiation Critical Mode in the Renegotiation topic under System TLS system level settings.

The default value is *PGM, which means the program that uses this "application ID" already set the mode to the appropriate value. The program is either using the System TLS default value or a value that is set explicitly by the gsk_attribute_set_enum() API call for this attribute.

Set to “Enable” to require the RFC 5746 renegotiation indication is included in the initial handshake for the initial handshake to be successful. By design, this application is no longer able to handshake with peers that have not or cannot be updated to support RFC 5746.

Set this application definition field to “Disable” if the application does not require RFC 5746 renegotiation indication from the peer on initial handshake. The RFC 5746 renegotiation indication is still required for all renegotiated handshakes.

Note: The application always provides the RFC 5746 renegotiation indication information to the peer regardless of the value of this setting.