Forum Discussion
MistvanHun
Sep 25, 2023Copper Contributor
Secure Client-Initiated Renegotiation fail
Hi,
We've got a problem with the iis webserver on our windows server 2019.
We got a penetration test with the followin error after a testssl check:
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
How can I fix this?
Thanks a lot,
Istvan
1 Reply
- aelhajCopper ContributorOpen Registry Editor (regedit.exe) and navigate to the next path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Create or modify a registry entry called DisableRenegoOnClient as a DWORD value. Set its value to 1 to disable client-initiated renegotiation. If the entry already exists, update its value.
Restart the Serve