3.10.16. EAPTLS_AllowUnsafeLegacyRenegotiation

This optional parameter enables legacy insecure renegotiation between OpenSSL and unpatched clients or servers. It is used with TLS-based EAP types, such as TLS, TTLS, and PEAP, and with OpenSSL version 0.9.8m or later. OpenSSL 0.9.8m and later always attempt to use secure renegotiation as described in RFC 5746. This counters the prefix attack described in CVE-2009-3555 and elsewhere.
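Because setting this parameter removes the RFC 5746 protection, it helps to know exactly where a configuration turns it on. The following audit script is an added example, not part of the original documentation. It assumes a configuration syntax with `#` comment lines, `<Clause ...>` / `</Clause>` blocks, and the parameter written on a line of its own; the sample configuration and its clause names are constructed.

```python
import re

PARAM = "EAPTLS_AllowUnsafeLegacyRenegotiation"

# Constructed sample; clause names and layout are assumptions for illustration.
SAMPLE_CONFIG = """\
<Handler Realm=example.org>
    <AuthBy FILE>
        EAPType PEAP
        # EAPTLS_AllowUnsafeLegacyRenegotiation
    </AuthBy>
</Handler>
<Handler>
    <AuthBy FILE>
        EAPType TTLS
        EAPTLS_AllowUnsafeLegacyRenegotiation
    </AuthBy>
</Handler>
"""

OPEN = re.compile(r"^<([A-Za-z]\w*)([^>]*)>$")   # e.g. <AuthBy FILE>
CLOSE = re.compile(r"^</([A-Za-z]\w*)>$")        # e.g. </AuthBy>


def find_unsafe_renegotiation(text):
    """Return (line_number, clause_path) for every active use of PARAM.

    Commented-out occurrences are ignored, so only settings that are
    actually in effect are reported, with the clause they apply to.
    """
    stack, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: the parameter is not in effect
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append((m.group(1) + m.group(2)).strip())
        elif line.split()[0] == PARAM:
            findings.append((lineno, " > ".join(stack) or "(top level)"))
    return findings


if __name__ == "__main__":
    for lineno, path in find_unsafe_renegotiation(SAMPLE_CONFIG):
        print(f"line {lineno}: {PARAM} is enabled in {path}")
```

Each finding identifies a clause whose EAP-TLS, TTLS or PEAP sessions will accept renegotiation with peers that do not implement RFC 5746.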