error:0A000152:SSL routines::unsafe legacy renegotiation disabled with Shibboleth SP 3.4

Nate Klingenstein ndk at
Fri Nov 11 14:33:37 UTC 2022

It turns out the odd one that supported secure renegotiation had an http:// endpoint configured into the MetadataResolver, so the error message is probably accurate in all other cases and misleading only with http://.  There is a 302 redirect issued by the HTTP listener on that server to HTTPS.

Still no idea why the configuration option wouldn't have addressed the issue, though.

Signet, Inc.
The Art of Access ®

-----Original message-----

3) Interestingly, one of them *does* support secure renegotiation.

More information about the users mailing list