I am trying to remediate the ..SSLv3.0/TSLv1.0 Protocol Weak CBC Mode Vulnerability with the recommended solution and it is not working. I am trying remediate an Apache 2.0.58 web server. Below is the settings for the ssl.conf file:
# General setup for the virtual host
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SLProtocol -ALL +SSLv3 +TLSv1
I am unable to use the 'SSLHonorCipherOrder' field because Apache 2.0.58 does not recognize the field setting. Any recommendations on how to remediate this vulnerability?
Thanks in advance,