Reputation: 11
I recently purchased the SSL from SSL 123 DV Thawte Inc for one of my client's domains. After installing the certificate, I checked the domain using the crypto-checker provided by Thawte.
I received an alert stating the site is open to the BEAST attack vulnerability.
To dig deeper, I used SSLLabs to identify the Insecure Ciphers.
The following ciphers were identified as not secure. I need help in closing these holes.
Screenshot of insecure ciphers
I am using the Apache 2.4 web server on Ubuntu 16 64-bit.
Upvotes: 0
Views: 244
Reputation: 17886
Any up-to-date browser has circumventions for BEAST; meanwhile, I don't think those ciphers are flagged because of BEAST in the SSL Labs report. It turns out the BEAST alternatives needed for a high level of compat (RC4) are worse than the previously BEAST-affected ciphers.
You should use an alternate SSLCipherSuite to make sure weak ciphers are at the bottom instead of that one you have at the top. Instead of trying to ad-lib it, you should start with a config from https://mozilla.github.io/server-side-tls/ssl-config-generator/
Upvotes: 1
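The ordering check suggested in the answer above can be scripted against an Apache config. This is an added example, not part of the original answer; the weak-suite marker list and both sample configs are assumptions constructed for illustration, and keywords such as `HIGH` are not expanded.

```python
import re

# Substrings that mark a suite as weak. This list is an assumption of the
# example, not SSL Labs' own classification.
WEAK_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "EXP", "NULL", "ADH")
DIRECTIVE = re.compile(r"\s*(SSLCipherSuite|SSLHonorCipherOrder)\s+(.+)", re.I)

def parse_directives(conf_text):
    """Return the last-seen value of each directive, keyed by lowercase name."""
    found = {}
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives
        parts = m.group(2).replace('"', "").split()
        if not parts or (m.group(1).lower() == "sslciphersuite" and len(parts) > 1):
            continue  # the "SSLCipherSuite <protocol> <spec>" form is out of scope
        found[m.group(1).lower()] = parts[0]
    return found

def is_weak(token):
    return any(marker in token.upper() for marker in WEAK_MARKERS)

def audit(conf_text):
    """Report weak suites that are enabled and whether any outranks a strong one."""
    d = parse_directives(conf_text)
    tokens = [t for t in d.get("sslciphersuite", "").split(":") if t]
    # "!X" and "-X" remove suites, so only the remaining tokens are offered.
    enabled = [t for t in tokens if t[0] not in "!-"]
    weak_at = [i for i, t in enumerate(enabled) if is_weak(t)]
    strong_at = [i for i, t in enumerate(enabled) if not is_weak(t)]
    return {
        "weak_enabled": [enabled[i] for i in weak_at],
        "weak_before_strong": bool(weak_at and strong_at) and weak_at[0] < strong_at[-1],
        # Apache 2.4 defaults SSLHonorCipherOrder to off when it is not set.
        "honor_order": d.get("sslhonorcipherorder", "off").lower() == "on",
    }

# Constructed sample configs (not taken from the question's server).
WEAK_FIRST = """
SSLHonorCipherOrder on
SSLCipherSuite RC4-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:!aNULL:!MD5
"""
WEAK_LAST = """
# SSLCipherSuite RC4-SHA
SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!RC4"
"""

if __name__ == "__main__":
    for name, conf in (("weak first", WEAK_FIRST), ("weak last", WEAK_LAST)):
        print(name, audit(conf))
```

With `SSLHonorCipherOrder` off, the client's preference decides the suite, so any entry in `weak_enabled` can be negotiated regardless of its position in the list.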