Secure Renegotiation is not supported
When the server does not support secure renegotiation for SSL/TLS connections, it is possible to inject content into the start of sessions. The server must also support client-initiated renegotiation to be vulnerable.
Update the web server application and use the vendor-suggested configuration for production. Below is the configuration for Apache HTTP Server.
Set the directive below in the Apache configuration:
And add the variable below to your environment variables: