Skip to main content
LoginTry Now
Momentum Documentation
Momentum 4.x
Momentum 3.x
Momentum Mobile
Changelog
Submit a Ticket
Community
Customers
Developer Blog
Developer Hub
Service Status
Momentum
Momentum 3.x
Momentum Reference Manual (3.x)
tls_allow_renegotiation

tls_allow_renegotiation

Last updated March 2020

Name

tls_allow_renegotiation — whether to enable OpenSSL TLS renegotiation

Synopsis

tls_allow_renegotiation = true

Description

This option determines whether OpenSSL TLS renegotiation is enabled or not. The default value for this option is true.

**Configuration Change. ** This option is available as of version 3.5.4.

Note

SSL/TLS renegotiation has a known, inherent, vulnerability to DoS attacks that openSSL views as the responsibility of the higher level application to mitigate. tls_allow_renegotiation addresses this issue by making it possible to deny renegotiation requests.

If you have C policy scripts that incorporate calls to ec_ssl_renegotiate please note this new behavior. In some circumstances, setting this option to false may shut down valid attempts at renegotiation and needlessly drop connections.

In Centos/RHEL 5, Solaris AMD and SPARC distributions when renegotiation is disabled and a renegotiation is attempted from the peer, the openSSL session doesn't close immediately and waits for the SSL connection to timeout.

Scope

tls_allow_renegotiation is valid in the ecstream_listener, esmtp_listener, http_listener, pathway, pathway_group and xmpp_listener scopes and the listen and peer scopes within those listeners.

See Also

tls

Was this page helpful?