Historically there have been security issues associated with TLS renegotiation. This page describes the renegotiation behaviour of the Tomcat Native library.
Introduction
Client initiated renegotiation
Client initiated renegotiation is disabled. This behaviour is hard-coded and cannot be changed.
Unsafe legacy negotiation
Support for unsafe legacy negotiation depends on OpenSSL. Unsafe legacy
renegotiation is disabled by default and will not be allowed unless the
OpenSSL configuration option
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set.