OCI - Receiving openssl "error:0A000152:SSL routines::unsafe legacy renegotiation disabled"
Applies To:
Oracle Cloud Infrastructure
Linux OS
Symptoms
While accessing an secure URL, getting below error message:
"error:0A000152:SSL routines::unsafe legacy renegotiation disabled"
Cause
The error mentions unsafe legacy renegotiation.
This error means that you are running as a client attempting to connect to a server that does not support secure renegotiation (the mitigation against CVE-2009-3555) which are now aborted by default in OpenSSL 3.0. (or your corporate firewall not supporting it)
Unfixed version of renegotiation is known as "unsafe legacy renegotiation" in OpenSSL. The fixed version is known as "secure renegotiation". So either a peer does not have the fix, in which case it will be using "unsafe legacy renegotiation", or it does have the fix in which case it will be using "secure renegotiation".