2 Replies Latest reply: Oct 6, 2011 5:24 AM by QM_SSJ4

BEAST Attack - Not Vulnerable

Mark Shaw

Hi

Firstly... SSL Labs is a fantastic tool.

Question - How does a site pass the BEAST check, exactly what are you looking for?

Cheers

  • BEAST Attack - Not Vulnerable
    Ivan Ristic

    Although there are several ways to mitigate BEAST, we are currently testing for one of them -- forced use of RC4 ciphers. Our test looks for two conditions: 1) the server must choose cipher suites and 2) the server must choose RC4 if offered.

    We will be implementing other tests soon.

    • BEAST Attack - Not Vulnerable
      QM_SSJ4

      Are you performing the same test on the Vuln Scan side for QID 90741? I notice this is an Authenticated Only detection so I'm assuming something must be different. Can you provide details on QID 90741 detection as well?
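
The two conditions Ivan Ristic lists above can be modelled offline. The following is an added example, not SSL Labs code and not part of the original thread; `make_server`, `check_rc4_mitigation`, `passes` and the simulated server configurations are assumptions constructed for illustration.

```python
# Added example: a model of the two-condition check, run against constructed
# stand-ins for a server's cipher selection step (no network access needed).

RC4_SUITE = "TLS_RSA_WITH_RC4_128_SHA"
CBC_SUITES = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]


def make_server(preference, honor_server_order):
    """Constructed stand-in: returns a function mapping a client offer to the chosen suite."""
    def select(client_offer):
        if honor_server_order:
            common = [s for s in preference if s in client_offer]
        else:
            common = [s for s in client_offer if s in preference]
        return common[0] if common else None
    return select


def check_rc4_mitigation(select):
    """Return (server_chooses, rc4_if_offered) for a selection function."""
    # Condition 1: offer the same suites in opposite orders. A server that
    # follows the client returns a different suite for each ordering.
    forward = [RC4_SUITE] + CBC_SUITES
    backward = list(reversed(forward))
    first, second = select(forward), select(backward)
    server_chooses = first is not None and first == second
    # Condition 2: RC4 must win even when the client lists it last.
    chosen = select(CBC_SUITES + [RC4_SUITE])
    rc4_if_offered = chosen is not None and "_RC4_" in chosen
    return server_chooses, rc4_if_offered


def passes(select):
    """Both conditions must hold for the RC4-based check to pass."""
    return all(check_rc4_mitigation(select))


# Constructed sample configurations.
SERVERS = {
    "server order, RC4 first": make_server([RC4_SUITE] + CBC_SUITES, True),
    "server order, CBC first": make_server(CBC_SUITES + [RC4_SUITE], True),
    "client order": make_server([RC4_SUITE] + CBC_SUITES, False),
}

if __name__ == "__main__":
    for name, select in SERVERS.items():
        print(f"{name}: {check_rc4_mitigation(select)} pass={passes(select)}")
```

A server that supports RC4 but follows the client's ordering fails both conditions here, because the suite it ends up using depends on what each client lists first.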