Solved

Re-negotiation handshake failed: Not accepted by client!?

Posted on 2016-07-27
8
1,320 Views
Last Modified: 2016-08-22
We recently renewed an ssl cert on a web server and now see the following error in the logs.

In ssl_request log
Re-negotiation handshake failed: Not accepted by client!?

In ssl_error_log
 AH02042: rejecting client initiated renegotiation

Are these simply clients updating or unable to and a problem? And if a problem, how can it be fixed since we simply renewed the cert.

UPDATE: I thought this was ssl related but I'm now seeing the second error on a server that didn't get an SSL renewal.

AH02042: rejecting client initiated renegotiation
0
Comment
Question by:projects
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points (awarded by participants)
ID: 41734949
Which means that client is security scanner / attacker. It is best to reduce log level to ignore such messages.
0
 

Author Comment

by:projects
ID: 41736108
Are you sure about that because it is funny timing that I have never seen these before the SSL cert was played with.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41736633
It has nothing to do with certificate, or its validity or its size.
0
How To Reduce Deployment Times With Pre-Baked AMIs

Even if we can't include all the files in the base image, we can sometimes include some of the larger files that we would otherwise have to download, and we can also sometimes remove the most time-consuming steps. This can help a lot with reducing deployment times.

 

Author Comment

by:projects
ID: 41736641
If it has nothing to do with the certificate then it definitely includes not it's validity or its size :).
However, my question is, how do you know for sure this is unrelated to ssl cert then since it looks like an ssl error.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41736659
Drill through qualys server test.
AH02042 is so-called insecure renegotiation that can be used to dry server's random pool and enormous rate.
0
 

Author Comment

by:projects
ID: 41736682
Do you mean this?
https://www.qualys.com/

So it's just scanning and since I'm not seeing a large enough number of them to panic, it must mean all is fine with the server then?

And, it just happened to be coincidence that I've started seeing these since renewing the SSL cert?
0
 

Author Comment

by:projects
ID: 41762809
It looks like you are not exactly correct and that this is a well known SSL issue that's come up before.
I'll dig up the info and post it. If you are right, then I'll award it even though your reply about looking things up is rather than guessing is rather snide.
I'm not sure why you bother to reply to my questions anymore, all you do is throw personal comments in there. If I wanted that, I'd go to any forum out there but instead I pay to try and remain professional. Kinda tired of those kinds of remarks.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question