Comment Apache Server Settings (Score 4, Informative) 47
#1 - this has been a topic of conversation for a while
#2 - per documentation at apache (Yes, I dare say a majority of web servers are running apache)
There is a flag that can turn renegotiation on/off
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
Available in httpd 2.0.64 and later, if using OpenSSL 0.9.8m or later
The default setting is:
SSLInsecureRenegotiation off
#3 - which leads to the conclusion that this is overhyped.