Parameter: SSL_Renegotiate_Allowed
Short description: Allows or denies TLS renegotiation for inbound connections – counterpart to SSL_Disable_Renegotiate.
Profile
Parameter | SSL_Renegotiate_Allowed |
Category | Security / TLS |
Component | Server |
Available since | 9.0 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | 0 = not allowed (recommended) • 1 = allowed |
Description
SSL_Renegotiate_Allowed is the positive counterpart to SSL_Disable_Renegotiate and controls whether clients may initiate a renegotiation of encryption parameters during an existing TLS session. For security reasons (CVE-2009-3555) renegotiation should be disabled – value 0. With very old clients or specific mutual-TLS scenarios (requesting a client certificate mid-session), 1 may be necessary, but it should be treated as an exception.
Example configuration
SSL_Renegotiate_Allowed=0
Notes & pitfalls
- The default behavior can vary by Domino version – set it explicitly.
- Takes effect after restarting the TLS task.
- Works together with SSL_Disable_Renegotiate; on conflict, the disable wins.
- In some setups, test mutual-TLS / client-cert authentication before setting 0.
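The rules above (set the value explicitly, the disable wins on conflict) can be checked against a notes.ini during a configuration audit. The following is an added example, not vendor or Domino code; it assumes that SSL_Disable_Renegotiate=1 means "renegotiation disabled" (the page gives no values for that parameter) and that keys are compared case-insensitively, and the sample file content is constructed.

```python
# Added example, not Domino or vendor code. Assumptions are marked inline.
SAMPLE_INI = """\
[Notes]
SSL_Renegotiate_Allowed=1
SSL_Disable_Renegotiate=1
"""  # constructed sample, not taken from a real server

def parse_settings(text):
    """Collect every key=value line; keys lowercased (assumed case-insensitive)."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("["):
            settings.setdefault(key.strip().lower(), []).append(value.strip())
    return settings

def audit_renegotiation(text):
    """Return (effective, findings); effective is 'denied', 'allowed' or 'unknown'."""
    s = parse_settings(text)
    allowed = s.get("ssl_renegotiate_allowed", [])
    disable = s.get("ssl_disable_renegotiate", [])
    findings = []
    for name, vals in (("SSL_Renegotiate_Allowed", allowed),
                       ("SSL_Disable_Renegotiate", disable)):
        if len(set(vals)) > 1:
            findings.append(f"{name} appears with different values {vals}")
        if any(v not in ("0", "1") for v in vals):
            findings.append(f"{name} has a value other than 0 or 1: {vals}")
    if not allowed:
        findings.append("SSL_Renegotiate_Allowed not set explicitly")
    # Assumption: SSL_Disable_Renegotiate=1 means "disabled".
    if set(disable) == {"1"}:
        if "1" in allowed:
            findings.append("conflict: Allowed=1 but Disable=1; disable wins")
        return "denied", findings
    if len(set(disable)) > 1:
        return "unknown", findings  # contradictory duplicates, do not guess
    if set(allowed) == {"0"}:
        return "denied", findings
    if set(allowed) == {"1"}:
        findings.append("renegotiation allowed (CVE-2009-3555); document the exception")
        return "allowed", findings
    return "unknown", findings

if __name__ == "__main__":
    effective, findings = audit_renegotiation(SAMPLE_INI)
    print(effective)
    for finding in findings:
        print(" -", finding)
```

A result of "unknown" means the file alone does not determine the behavior (parameter missing, invalid, or set twice with different values) and the setting should be made explicit.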