Reputation: 4197
"server certificate change is restricted during renegotiation" error in BURP
I'm using BURP and I always get this alert after a while (maybe like 2-3 minutes of use)
javax.net.ssl.SSLHandshakeException: server certificate change is restrictedduring renegotiation
any idea where that could come from? I don't see anyone talking about it on internet
Upvotes: 0
Views: 5847
Answers (2)
Reputation: 101
You're having the exact same issue that has been asked previously: What means "javax.net.ssl.SSLHandshakeException: server certificate change is restrictedduring renegotiation" and how to prevent it?
In short the issue is due to security controls in the newer Java versions that check whether the certificate that it received for the hostname has the same contents (Subject, Issuer, SANs) as the one it previously received.
Upvotes: 3
Reputation: 1
This has to do with newer versions of Java with older versions (or the free version) of Burp Suite, and using an upstream proxy. Burp Suite Pro v1.6.07+ fixes this, as well as turning off the upstream proxy or downgrading your Java (though not recommended).
Upvotes: 0
Related Questions
- CL+SSL SSL Error: Unsafe legacy renegotiation disabled. How to bypass or resolve?
- What means "javax.net.ssl.SSLHandshakeException: server certificate change is restrictedduring renegotiation" and how to prevent it?
- How does burp-suite intercept https requeest inspite of the encryption?
- client failed to negotiate an ssl connection : no cipher suites in common -- burp suite
- Burp Suite - Pixel 2 XL (Android P) can't find a way to certificate using Burp Suite
- "YOUR CONNECTION IS NOT PRIVATE" error after installing burp certificate on android 8.1.0
- server certificate change is restricted during renegotiation for TLS_1.2 with Java 8
- Secure Renegotiation is not supported OpenSSL issue
- TLS Service returns Alert:decrypt_error when renegotiating
- OpenSSL secure renegotiation failed