FAQ  〉What does the "unsafe legacy renegotiation disabled" SSL error means?

This error means your server SSL implementation does not support TLS Renegotiation Extension and is now starting to get rejected by some clients, because it took a shortcut in 2010 when mitigating CVE-2009-3555 and never implemented the proper fix after that (or wasn't updated on your end).

It is notably getting rejected by OpenSSL 3+ and even though it currently still work in most browser, there's more and more HTTP clients running a recent OpenSSL version which won't be able to connect any more. So we recommend to act now while you have the time to do so. The most likely fix should be to upgrade your server software.

You can read more about it in this article from 2010.

Adrien Rey-Jarthon
Created on October 17, 2023 · Suggest changes to this page