allow-legacy-renegotiation
This command controls whether to allow SSL renegotiation with SSL clients that do not support RFC 5746.
Syntax
allow-legacy-renegotiation { on | off }
Parameters
- on
  Allows SSL renegotiation with SSL clients that do not support RFC 5746.
- off
  Does not allow SSL renegotiation with SSL clients that do not support RFC 5746. This setting is the default value.
Guidelines
The allow-legacy-renegotiation command controls whether to allow SSL renegotiation with SSL clients that do not support RFC 5746. By default, this support is disabled because renegotiation with such clients is vulnerable to man-in-the-middle attacks as documented in CVE-2009-3555.