Hello Mile, István,
The "Secure Client-Initiated Renegotiation Vulnerable" issue found during a penetration test indicates a security vulnerability in your IIS web server configuration. Client-initiated renegotiation is a security concern, as it can potentially expose your server to Denial of Service (DoS) attacks.
To fix this vulnerability, you should disable client-initiated renegotiation on your Windows Server 2019 running IIS by following these steps:
- Open Registry Editor (regedit.exe) and navigate to the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
- Create or modify a registry entry called DisableRenegoOnClient as a DWORD value. Set its value to 1 to disable client-initiated renegotiation. If the entry already exists, update its value.
- Restart the server.
By disabling client-initiated renegotiation, you address the security vulnerability and reduce the risk of DoS attacks associated with this feature. However, be aware that this change might affect compatibility with some older clients that rely on this renegotiation method.
--If the reply is helpful, please Upvote and Accept as answer--
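The registry change described in the answer above, scripted for an elevated PowerShell session on the IIS host. This is an added example, not code from the original answer or from Microsoft: it exports the SCHANNEL key first so the change can be rolled back, reports the current state of the value, creates or updates the DWORD the answer names (DisableRenegoOnClient), and verifies the write before you reboot. The key and value names are taken from the answer; the backup file location is an assumption.

```powershell
# Added example (not part of the original answer): set and verify the SCHANNEL
# registry value named in the answer, with a backup and a before/after check.
# Assumes Windows Server 2019 and an elevated (Run as administrator) session.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$regPath   = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$valueName = 'DisableRenegoOnClient'          # value name as given in the answer
$backup    = Join-Path $env:TEMP 'SCHANNEL-backup.reg'   # assumed backup location

# Keep a copy of the whole SCHANNEL key so the change can be reverted with
# "reg import" if an older client turns out to depend on renegotiation.
reg.exe export $regPath $backup /y | Out-Null
Write-Host "SCHANNEL key exported to $backup"

# The SCHANNEL key exists by default, but create it if it is somehow missing.
if (-not (Test-Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Report the current state; a missing value means the default behaviour applies.
$current = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $current) {
    Write-Host "$valueName is not set (default behaviour)."
    # Create the DWORD: 1 disables client-initiated renegotiation.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 | Out-Null
} else {
    Write-Host "$valueName currently = $($current.$valueName)"
    # Entry already exists: update it in place, as the answer says.
    Set-ItemProperty -Path $keyPath -Name $valueName -Value 1
}

# Verify the write before restarting; SCHANNEL reads the value at boot.
$after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($after -ne 1) {
    throw "Expected $valueName = 1 but found '$after'; check permissions and retry."
}
Write-Host "$valueName = 1. Restart the server for SCHANNEL to apply the change."
```

After the reboot, re-run the penetration test's renegotiation check against the IIS site to confirm the finding no longer reproduces; if a legacy client breaks, the exported .reg file restores the previous state.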