A.2 Troubleshooting a Windows SSL Renegotiation

Perform the following steps to enable the SSL renegotiation on Windows 64-bit platform:

  1. Launch Registry Editor by executing the Start > Run regedit command.

  2. In the left pane of Registry Editor, navigate to My Computer > HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Java\.

  3. Double-click Options in the right pane of the Registry Editor.

  4. Search for the -Dsun.security.ssl.allowUnsafeRenegotiation string.

    • If -Dsun.security.ssl.allowUnsafeRenegotiation is available, set the value to true. For example, -Dsun.security.ssl.allowUnsafeRenegotiation=true

    • If -Dsun.security.ssl.allowUnsafeRenegotiation is not available, add -Dsun.security.ssl.allowUnsafeRenegotiation=true

  5. Go to C:\Program Files(x86)\Novell\Tomcat\conf\server.xml > Server > Service > Connector, then search for the connector 8443 and check if the connector has the port 8443.

  6. Add the allowUnsafeLegacyRenegotiation=true string.

  7. Restart Tomcat to enable the SSL renegotiation.

Perform the following steps to enable the SSL renegotiation on Windows 32-bit platform:

  1. Launch Registry Editor by executing the command regedit in Start > Run.

  2. In the left pane of Registry Editor, navigate to My Computer > HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Java\.

  3. Double-click Options in the right pane of registry editor.

  4. Search for the -Dsun.security.ssl.allowUnsafeRenegotiation string.

    • If -Dsun.security.ssl.allowUnsafeRenegotiation is available, set the value to true. For example, -Dsun.security.ssl.allowUnsafeRenegotiation=true.

    • If -Dsun.security.ssl.allowUnsafeRenegotiation is not available, add

      -Dsun.security.ssl.allowUnsafeRenegotiation=true.

  5. Go to C:\Program Files(x86)\Novell\Tomcat\conf\server.xml > Server > Service > Connector., then search for the connector 8443 and check if the connector has the port 8443.

  6. Add the allowUnsafeLegacyRenegotiation=true string.

  7. Restart Tomcat to enable the SSL renegotiation.

The following instructions explain how to disable the SSL renegotiation in Windows 32- bit and Windows 64-bit platform:

  1. Launch Registry Editor by executing the command regedit in Start > Run.

  2. In the left pane of Registry Editor, navigate to My Computer > HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Java\.

  3. Double-click Options in the right pane of registry editor.

  4. Search for the -Dsun.security.ssl.allowUnsafeRenegotiation string.

  5. In -Dsun.security.ssl.allowUnsafeRenegotiation, set the value to false. For example, -Dsun.security.ssl.allowUnsafeRenegotiation=false

  6. Restart Tomcat to disable the SSL renegotiation.