• Status: Solved
  • Priority: Medium
  • Security: Public

Re-negotiation handshake failed: Not accepted by client!?

We recently renewed an ssl cert on a web server and now see the following error in the logs.

In ssl_request log
Re-negotiation handshake failed: Not accepted by client!?

In ssl_error_log
 AH02042: rejecting client initiated renegotiation

Are these simply clients updating or unable to and a problem? And if a problem, how can it be fixed, since we simply renewed the cert?

UPDATE: I thought this was ssl related but I'm now seeing the second error on a server that didn't get an SSL renewal.

AH02042: rejecting client initiated renegotiation
1 Solution
 
gheist Commented:
Which means that the client is a security scanner / attacker. It is best to reduce log level to ignore such messages.
 
projects (Author) Commented:
Are you sure about that because it is funny timing that I have never seen these before the SSL cert was played with.
 
gheist Commented:
It has nothing to do with the certificate, or its validity or its size.
 
projects (Author) Commented:
If it has nothing to do with the certificate then it definitely includes not its validity or its size :).
However, my question is, how do you know for sure this is unrelated to the SSL cert then, since it looks like an SSL error?
 
gheist Commented:
Drill through the Qualys server test.
AH02042 is the so-called insecure renegotiation that can be used to dry the server's random pool at an enormous rate.
 
projects (Author) Commented:
Do you mean this?
https://www.qualys.com/

So it's just scanning and since I'm not seeing a large enough number of them to panic, it must mean all is fine with the server then?

And, it just happened to be coincidence that I've started seeing these since renewing the SSL cert?
 
projects (Author) Commented:
It looks like you are not exactly correct and that this is a well known SSL issue that's come up before.
I'll dig up the info and post it. If you are right, then I'll award it even though your reply about looking things up rather than guessing is rather snide.
I'm not sure why you bother to reply to my questions anymore, all you do is throw personal comments in there. If I wanted that, I'd go to any forum out there but instead I pay to try and remain professional. Kinda tired of those kinds of remarks.
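
Added example (not part of the original thread and not code from any participant): one way to see how the AH02042 entries discussed above are distributed per client, separating a short burst from a single address from occasional scattered hits. It assumes the default Apache 2.4 error-log layout; the sample lines, the 60-second window and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the default Apache 2.4 error-log layout (not from the thread).
SAMPLE_LOG = """\
[Tue Mar 07 10:15:01.120001 2017] [ssl:error] [pid 2101] [client 192.0.2.10:51234] AH02042: rejecting client initiated renegotiation
[Tue Mar 07 10:15:02.340112 2017] [ssl:error] [pid 2101] [client 192.0.2.10:51236] AH02042: rejecting client initiated renegotiation
[Tue Mar 07 10:15:02.910554 2017] [ssl:error] [pid 2104] [client 192.0.2.10:51240] AH02042: rejecting client initiated renegotiation
[Tue Mar 07 10:15:04.002310 2017] [ssl:error] [pid 2104] [client 192.0.2.10:51244] AH02042: rejecting client initiated renegotiation
[Tue Mar 07 11:40:17.500000 2017] [ssl:error] [pid 2109] [client 198.51.100.7:40022] AH02042: rejecting client initiated renegotiation
[Tue Mar 07 16:05:44.250000 2017] [ssl:error] [pid 2109] [client 198.51.100.7:40311] AH02042: rejecting client initiated renegotiation
[Tue Mar 07 16:06:00.000000 2017] [core:notice] [pid 2099] AH00094: Command line: '/usr/sbin/httpd'
"""

# Matches only AH02042 lines; the IP group also accepts IPv6, the trailing :port is dropped.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ssl:\w+\] \[pid [^\]]+\] "
    r"\[client (?P<ip>[0-9A-Fa-f.:]+):\d+\] AH02042: "
)

def parse_ts(ts):
    # Accept timestamps with or without the microsecond field.
    fmt = "%a %b %d %H:%M:%S.%f %Y" if "." in ts else "%a %b %d %H:%M:%S %Y"
    return datetime.strptime(ts, fmt)

def renegotiation_summary(log_text, window=timedelta(seconds=60), burst=3):
    """Per client IP: total AH02042 hits, peak hits inside any `window`, and a burst flag."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits[m.group("ip")].append(parse_ts(m.group("ts")))
    summary = {}
    for ip, stamps in hits.items():
        stamps.sort()
        peak, start = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        summary[ip] = {"total": len(stamps), "peak": peak, "burst": peak >= burst}
    return summary

if __name__ == "__main__":
    for ip, s in sorted(renegotiation_summary(SAMPLE_LOG).items()):
        print(f"{ip:15} total={s['total']} peak/60s={s['peak']} burst={s['burst']}")
```

Run it against the real `ssl_error_log` by passing the file's contents to `renegotiation_summary`; the per-client counts give a basis for judging volume before changing the log level.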