AnsweredAssumed Answered

Beast attack mitigation OR Robust FS support -- which should have priority?

Question asked by hanl2 malias on Mar 10, 2015
Latest reply on Mar 10, 2015 by Lily Wilson

I'm configuring my nginx server ssl

 

If in the nginx config I set

 

    ssl_protocols             TLSv1.2 TLSv1.1;

 

ssllabs' test reports

 

    BEAST attack     Mitigated server-side (more info) 

    Forward Secrecy     With modern browsers (more info)   

 

But if I set

 

    ssl_protocols             TLSv1.2 TLSv1.1 TLSv1;

 

then then test reports

 

    BEAST attack     Not mitigated server-side (more info)   TLS 1.0: 0xc013

    Forward Secrecy     Yes (with most browsers)   ROBUST (more info)   

 

So it appears I've a choice of EITHER

 

    BEAST attack mitigation

 

OR

 

    ROBUST Forward Secrecy

 

In today's "real world", which should we prioritize?

Outcomes