First of all, thank you for this invaluable tool to test systems helping everyone be safe and secure.
For the past 2 days I've tried every setting under the sun to try and remove the message:
|BEAST attack||Not mitigated server-side (more info) SSL 3: |
My Apache settings are as follows:
Server version: Apache/2.2.15 (Unix) (CenOs 6.5 Final)
SSLProtocol ALL -SSLv2 -TLSv1
This gives me an A score, but still doesn't remove the BEAST attack vulnerability.
Now from what I understand is that if I upgrade to Apache 2.4 there are some new settings that will allow me to explicitly select or deactivate specific protocols that would address the vulnerability. The problem is that this is currently not supported thus I would be on my own.
Is there any way to negate the BEAST attack with this server configuration (CentOS 6.5 + Apache 2.2) ?