Secure Renegotiation

Discussion in 'Apache' started by Sharlene Gibbs, May 15, 2013.

  1. #1
    Good Morning,

    I'm currently running two Apache Web Servers (build 2.2.14) on RHEL 5.4 running two versions of the same website. One is our live site and the other is our test site. Each site has identical httpd.conf and httpd-ssl.conf files.

    The issue I have is related to secure renegotiation in that it's supported on the live site but not on the test site. My understanding was that this was either disabled or enabled by using the following command in your httpd-ssl.conf: SSLInsecureRenegotiation off
    and that version 2.2.15 was required.
    This has definitely not been specified in the config file, nor is there an SSI or CGI script containing the SSL_SECURE_RENEG environment.

    I'm also aware that this can also be supported by the client I'm using, however, I've ruled this out by running the test using the same client IE10, Firefox and running 'openssl s_client -connect' on a Linux terminal.

    Please can someone advise where else I'm likely to find out where this has been configured as our sites need to be configured exactly the same.

    Any help or assistance would be much appreciated.

    Thanks
     
    Sharlene Gibbs, May 15, 2013
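
The comparison described in the post above (running `openssl s_client -connect` against both sites), as an added example that is not part of the original post: it classifies the "Secure Renegotiation" line that `s_client` prints and reports whether two endpoints agree. The function names and the sample output fragments are constructed for illustration; the two `host:port` arguments are supplied by whoever runs it.

```shell
#!/bin/sh
# Added example: compare the secure-renegotiation status two servers report.

# Constructed s_client output fragments (not captured from the poster's servers).
SAMPLE_LIVE='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Secure Renegotiation IS supported
Compression: NONE'
SAMPLE_TEST='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Secure Renegotiation IS NOT supported
Compression: NONE'

# Read s_client output on stdin; print supported, unsupported or unknown.
# "unknown" covers a failed handshake or output without the status line.
reneg_status() {
    awk '
        /Secure Renegotiation IS NOT supported/ { s = "unsupported"; exit }
        /Secure Renegotiation IS supported/     { s = "supported"; exit }
        END { print (s == "" ? "unknown" : s) }
    '
}

# Probe one endpoint ($1 = host:port). Redirecting stdin from /dev/null
# makes s_client exit as soon as the handshake summary has been printed.
probe() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | reneg_status
}

# Compare two statuses; an unknown on either side is never counted as a match.
compare_status() {
    if [ "$1" = "unknown" ] || [ "$2" = "unknown" ]; then
        echo "inconclusive"
    elif [ "$1" = "$2" ]; then
        echo "match"
    else
        echo "mismatch"
    fi
}

# Live use: sh script.sh live.example:443 test.example:443 (placeholder hosts).
if [ "$#" -eq 2 ]; then
    a=$(probe "$1"); b=$(probe "$2")
    echo "$1: $a"
    echo "$2: $b"
    echo "result: $(compare_status "$a" "$b")"
fi
```

Running it from the same machine against both sites keeps the client side identical, so a `mismatch` result points at the servers rather than the client.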