You should disable SSL renegotiation as it is vulnerable to the man-in-the-middle attacks.
For information about how to disable SSL renegotiations in Administration Console and Identity Server, see the following sections:
Administration Console: Section 2.11, Disabling SSL Renegotiations
Identity Server: Section 3.11, Disabling SSL Renegotiations
SSL renegotiation is disabled in Access Gateway by default.
NOTE:You may consider enabling SSL renegotiation in the following scenarios
When you require a client authentication.
When you require a different set of encryption and decryption keys.
When you require a different set of encryption and hashing algorithms.
For information about how to enable SSL renegotiation, see SSL Renegotiation
in the NetIQ Access Manager 4.2 Administration Guide .