Mitigating the BEAST attack
Hi,
I've changed the SSL Cipher Suite to PCI recommended via Apache global configuration and then I included settings listed below into '/usr/local/apache/conf/includes/pre_main_global.conf':
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLInsecureRenegotiation Off
Apache was restarted afterwards:
/usr/local/cpanel/bin/build_apache_conf
/etc/init.d/httpd restart
However, the server is still failing the Global Sign test:
Hello :) Could you elaborate if it's Apache that's failing the scan, or another service? Note the following post might be of help: Beast TLS Vulnerability. Thank you.
Hi, Thanks for your help. It looks like the cipher suite from the link you posted solved my problem. Regards
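Added example (not part of the thread, and not cPanel or Apache code): a small Python check run over the include-file lines quoted in the first post. It shows that the SSLProtocol line leaves only SSLv3 and TLSv1 enabled, the two protocol versions in which BEAST applies to CBC ciphers, so the outcome depends on the cipher suite. The expansion of `ALL`, the default for a missing SSLProtocol, and the function names are assumptions.

```python
import re
# BEAST applies to CBC ciphers in these versions; TLS 1.1 and later are not affected.
BEAST_PROTOCOLS = {"SSLv3", "TLSv1"}
# Assumption: what "all" expands to (Apache 2.4 mod_ssl built with SSLv3 support).
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
# Constructed sample: the include-file lines quoted in the first post.
SAMPLE = """\
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLInsecureRenegotiation Off
"""

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right, as mod_ssl does."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name.lower() == "all" else {p for p in ALL if p.lower() == name.lower()}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = set(group)  # a bare token replaces what was set before
    return enabled

def audit(conf_text):
    """Return (code, detail) findings relevant to BEAST for one config fragment."""
    directives = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SSL\w+)\s+(.*\S)", line)
        if m:
            directives[m.group(1).lower()] = m.group(2)  # last occurrence wins
    # Assumption: a fragment without SSLProtocol inherits "all".
    protos = enabled_protocols(directives.get("sslprotocol", "all"))
    findings = []
    legacy = sorted(protos & BEAST_PROTOCOLS)
    if legacy:
        findings.append(("beast-protocols", "enabled: " + ", ".join(legacy)))
    if not protos - BEAST_PROTOCOLS:
        findings.append(("only-beast-protocols", "no TLSv1.1 or later is enabled"))
    if directives.get("sslhonorcipherorder", "off").lower() != "on":
        findings.append(("client-cipher-order", "SSLHonorCipherOrder is not On"))
    if "sslciphersuite" not in directives:
        findings.append(("cipher-suite-elsewhere", "no SSLCipherSuite in this fragment"))
    return findings
if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```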