I have configured my CipherSuite in "pound" (http://www.apsis.ch/pound/index_html) as per the following post "https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls", but the BEAST attack is still showing on the scanning report. Please help me solve this issue.
My current cipher suite settings: "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
OpenSSL version: "OpenSSL 1.0.1c 10 May 2012"
Hi Lenin, the issue is probably that you don't have pound configured to choose which suites are used. At the moment, your server allows clients to choose, and they choose a CBC suite. I don't know how cipher suite preference is configured in pound, so I can't help there. You're looking for the equivalent of "SSLHonorCipherOrder On" in Apache httpd.
Hi Ivan Ristic,
The issue has been fixed. I got the equivalent of "SSLHonorCipherOrder On" for pound, which is "SSLHonorCipherOrder 1". For that, I applied some patches to pound from http://jonaspasche.com/pound/
Thanks for your help.
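
The difference between client-chosen and server-chosen suites described in Ivan's reply can be seen in a small model of the selection step. This is an added example, not part of the thread and not pound or OpenSSL code; the expanded suite list and the client offers are constructed for illustration, and the function names are hypothetical.

```python
# Simplified model of TLS cipher suite selection (added example).
# Each entry: (OpenSSL suite name, minimum protocol version, uses CBC mode).
# Constructed subset of what the thread's cipher string could expand to,
# kept in the server's configured order; not real OpenSSL output.
SERVER_ORDER = [
    ("ECDHE-RSA-AES128-SHA256", "TLSv1.2", True),
    ("AES128-GCM-SHA256", "TLSv1.2", False),
    ("ECDHE-RSA-RC4-SHA", "TLSv1.0", False),
    ("RC4-SHA", "TLSv1.0", False),
    ("ECDHE-RSA-AES256-SHA", "TLSv1.0", True),
    ("AES256-SHA", "TLSv1.0", True),
    ("AES128-SHA", "TLSv1.0", True),
]
VERSIONS = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]


def negotiate(client_offer, client_version, honor_server_order):
    """Return the selected (name, min_version, is_cbc) tuple, or None."""
    limit = VERSIONS.index(client_version)
    # Suites defined only for a newer protocol version cannot be selected.
    usable = [s for s in SERVER_ORDER if VERSIONS.index(s[1]) <= limit]
    if honor_server_order:
        # Server preference: first suite in the server's list the client offers.
        offered = set(client_offer)
        return next((s for s in usable if s[0] in offered), None)
    # Client preference: first suite in the client's list the server supports.
    by_name = {s[0]: s for s in usable}
    return next((by_name[n] for n in client_offer if n in by_name), None)


def beast_exposed(client_offer, client_version, honor_server_order):
    """True when the negotiated suite is a CBC suite on TLS 1.0."""
    chosen = negotiate(client_offer, client_version, honor_server_order)
    return chosen is not None and client_version == "TLSv1.0" and chosen[2]


# Constructed offers: a TLS 1.0 client that prefers AES-CBC but also offers
# RC4, and a TLS 1.0 client that offers CBC suites only.
TLS10_CLIENT = ["AES128-SHA", "AES256-SHA", "RC4-SHA"]
CBC_ONLY_CLIENT = ["AES128-SHA", "AES256-SHA"]

if __name__ == "__main__":
    for honor in (False, True):
        suite = negotiate(TLS10_CLIENT, "TLSv1.0", honor)
        exposed = beast_exposed(TLS10_CLIENT, "TLSv1.0", honor)
        print(f"honor_server_order={honor}: {suite[0]} (BEAST-exposed: {exposed})")
```

The `CBC_ONLY_CLIENT` case shows the limit of the setting: when a TLS 1.0 client offers no non-CBC suite, honoring the server order still ends in a CBC suite.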