AnsweredAssumed Answered

Beast attack mitigation OR Robust FS support -- which should have priority?

Question asked by hanl2 malias on Mar 10, 2015
Latest reply on Mar 10, 2015 by Lily Wilson

I'm configuring my nginx server ssl


If in the nginx config I set


    ssl_protocols             TLSv1.2 TLSv1.1;


ssllabs' test reports


    BEAST attack     Mitigated server-side (more info) 

    Forward Secrecy     With modern browsers (more info)   


But if I set


    ssl_protocols             TLSv1.2 TLSv1.1 TLSv1;


then then test reports


    BEAST attack     Not mitigated server-side (more info)   TLS 1.0: 0xc013

    Forward Secrecy     Yes (with most browsers)   ROBUST (more info)   


So it appears I've a choice of EITHER


    BEAST attack mitigation




    ROBUST Forward Secrecy


In today's "real world", which should we prioritize?