2 Replies Latest reply: Oct 6, 2011 5:24 AM by QM_SSJ4 RSS

BEAST Attack - Not Vulnerably

Mark Shaw



Firstly...SLLlabs is a fantastic tool


Question - How does a site pass the BEAST check, exactly what are you looking for?



  • BEAST Attack - Not Vulnerably
    Ivan Ristic

    Although there are several ways to mitigate BEAST, we are currently testing for one of them -- forced use of RC4 ciphers. Our test looks for two conditions: 1) server must choose cipher suites and 2) servers must choose RC4 if offered.


    We will be implementing other tests soon.

    • BEAST Attack - Not Vulnerably

      Are you performing the same test on the Vuln Scan side for QID 90741? I notice this is an Authenticated Only detection so I'm assuming something must be different. Can you provide details on QID 90741detection as well?