BEAST (Browser Exploit Against SSL/TLS)

In response, SSL has been configured to prefer the RC4 stream cipher over block ciphers, which limits but does not eliminate exposure. For browser compatibility, the other ciphers remain available as a graceful degradation. We chose not to require TLS 1.1 or 1.2 because, according to the CVE-2011-3389 details, those versions are not compatible with major browser versions such as Firefox, Safari and Chrome.

According to the TrustWave remediation notes, affected users who implement the prioritization/degradation technique described above should appeal this vulnerability finding and include details of their SSL configuration.

The SSL configuration has been set to the following:

SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on


All of the above information should be included in the TrustWave appeal.
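As an added example (not part of the original article), a small Python linter for the Apache mod_ssl fragment above: it checks that the cipher string carries no stray whitespace (Apache reads SSLCipherSuite as a single argument), that the first positive entry is an RC4 suite so a non-CBC cipher is preferred, and that SSLHonorCipherOrder is on so the server's order actually wins. The sample configurations are constructed.

```python
import re

# Constructed sample mod_ssl fragments (not taken from a real server).
GOOD_CONF = """
SSLEngine on
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
"""

BAD_CONF = """
SSLEngine on
SSLCipherSuite AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder off
"""

# OpenSSL suite names beginning with these prefixes use the RC4 stream cipher.
STREAM_CIPHER_PREFIXES = ("RC4-",)

def parse_directives(conf):
    """Map each directive name to the last value seen for it (comments stripped)."""
    directives = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            directives[parts[0]] = parts[1].strip('"')
    return directives

def lint_beast_mitigation(conf):
    """Return a list of findings; an empty list means the mitigation is in place."""
    findings = []
    d = parse_directives(conf)
    cipher_string = d.get("SSLCipherSuite")
    if cipher_string is None:
        return ["SSLCipherSuite is not set"]
    # Apache takes SSLCipherSuite as one argument; embedded spaces break the directive.
    if re.search(r"\s", cipher_string):
        findings.append("SSLCipherSuite contains whitespace; join entries with ':' only")
        cipher_string = re.sub(r"\s+", "", cipher_string)
    # Entries prefixed with !, - or + exclude or reorder suites rather than add them.
    positive = [c for c in cipher_string.split(":") if c and c[0] not in "!-+"]
    if not positive or not positive[0].startswith(STREAM_CIPHER_PREFIXES):
        findings.append("first preferred suite is not RC4; a CBC suite would be negotiated first")
    # Without SSLHonorCipherOrder the client's preference, not the server's, wins.
    if d.get("SSLHonorCipherOrder", "off").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on; server preference is not enforced")
    return findings
```

A configuration that passes this check is the mitigation the article describes; RC4 has since been prohibited for TLS by RFC 7465, so the check documents the historical setting rather than current guidance.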
