Please can you guide me on how to resolve this vulnerability?
Debian / Ubuntu, edit this file:
Red Hat / CentOS, edit this file:
Use these values:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
Thank you for your answer, but my server is running Windows 2003 Standard and IBM WebSphere Application Server.
Microsoft's January 2012 patch Tuesday cycle patched Microsoft products for this CVE (CVE-2011-3389) for IIS, and other related Microsoft server components.
For WebSphere, please check with IBM for updates / patches for your current version. If no update is available, making a request to the vendor for a fix may be required.
How do we fix it on OpenSSL?
If we use the OpenSSL command to check for these vulnerabilities, it says that it is running SSL v3 and has weak encryption disabled. If this is acceptable, please let me know what information Qualys needs us to provide to get a pass on this.
To resolve this, set the preferred cipher to an RC4-SHA cipher for the application or device.
This link has some more info:
Thanks for the info, how about JBoss web?
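For the OpenSSL check and the preferred-cipher fix discussed earlier in the thread, here is an added example (not code from any poster or from Qualys) that reads the Protocol and Cipher lines of `openssl s_client` session output and reports whether the negotiated session is a CBC cipher on SSLv3/TLSv1, the condition CVE-2011-3389 concerns. The sample outputs are constructed, and the function names and the "not RC4 and not NULL means CBC" rule for these protocol versions are assumptions of this example.

```python
import re

# Constructed samples of `openssl s_client` output (not captured from a real host).
SAMPLE_CBC = """\
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
"""
SAMPLE_RC4 = """\
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
"""
SAMPLE_TLS12 = """\
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA
"""

# CVE-2011-3389 concerns CBC-mode ciphers negotiated under SSL 3.0 / TLS 1.0.
AFFECTED_PROTOCOLS = {"SSLv3", "TLSv1"}
# Assumption: in those versions a suite that is neither RC4 nor NULL uses a CBC block cipher.
NON_CBC_MARKERS = ("RC4", "NULL")

def parse_session(text):
    """Return (protocol, cipher) from the SSL-Session block, or raise ValueError."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    cipher = re.search(r"^\s*Cipher\s*:\s*(\S+)", text, re.M)
    if not proto or not cipher:
        raise ValueError("no SSL-Session Protocol/Cipher lines found")
    if cipher.group(1) == "0000":
        # s_client prints 0000 when the handshake failed and no cipher was agreed.
        raise ValueError("handshake did not negotiate a cipher")
    return proto.group(1), cipher.group(1)

def beast_exposed(text):
    """True when the negotiated session is a CBC cipher on SSLv3/TLSv1."""
    proto, cipher = parse_session(text)
    if proto not in AFFECTED_PROTOCOLS:
        return False
    return not any(marker in cipher for marker in NON_CBC_MARKERS)

if __name__ == "__main__":
    samples = [("cbc", SAMPLE_CBC), ("rc4", SAMPLE_RC4), ("tls1.2", SAMPLE_TLS12)]
    for name, out in samples:
        verdict = "exposed" if beast_exposed(out) else "not exposed"
        print(name, parse_session(out), verdict)
```

A single session only shows what the server chose for that client's offered cipher list, so the result reflects the server's preference order rather than every suite it accepts.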