Hi.
I have run a server test on
https://cryptoreport.rapidssl.com/checker/views/certCheck.jsp. It
reports that my certificate is installed correctly but the server is
vulnerable to a BEAST attack. It says "Make sure you have the TLSv1.2
protocol enabled on your server. Disable the RC4, MD5, and DES
algorithms. Contact your web server vendor for assistance."
I believe that I have disabled these protocols - here are the relevant
lines in my config:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!EDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
SSLHonorCipherOrder On
Can anyone help here?
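
Added example, not part of the original post: BEAST applies to CBC-mode suites negotiated under SSLv3 or TLS 1.0, so the Python below checks the two directives above for that combination. The expansion of ALL, the abbreviated cipher list and the HARDENED variant are assumptions constructed for illustration; bare aliases such as AES are not expanded here (`openssl ciphers -v` does that).

```python
import re

# Assumption: what "ALL" expands to depends on the mod_ssl/OpenSSL build; widest set used.
ALL = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
LEGACY = {"SSLv3", "TLSv1"}  # versions whose CBC records use a predictable IV
BLOCK = re.compile(r"AES|CAMELLIA|DES|SEED|IDEA")
AEAD = re.compile(r"GCM|CCM|CHACHA20")

# Constructed sample: the directives from the post, cipher list abbreviated.
POSTED = '''SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-SHA256:AES256-SHA:AES:DES-CBC3-SHA:!aNULL:!RC4:!MD5:!EDH-RSA-DES-CBC3-SHA"'''
HARDENED = POSTED.replace("-SSLv3", "-SSLv3 -TLSv1")  # constructed variant for comparison

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    on = []
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = list(ALL) if name.upper() == "ALL" else [name]
        if sign == "-":
            on = [p for p in on if p not in group]
        elif sign == "+":
            on += [p for p in group if p not in on]
        else:
            on = group
    return on

def tls10_cbc_suites(cipher_string):
    """Explicitly named CBC suites that can be negotiated below TLS 1.2."""
    toks = [t.strip() for t in cipher_string.strip('"').split(":") if t.strip()]
    banned = {t[1:] for t in toks if t[0] in "!-"}
    hits = []
    for t in toks:
        if t[0] in "!-+" or t in banned or "-" not in t:
            continue  # exclusions, reorderings and bare aliases (AES, CAMELLIA)
        # -SHA256/-SHA384 MAC suites exist only in TLS 1.2; -SHA/-MD5 ones work in TLS 1.0
        if BLOCK.search(t) and not AEAD.search(t) and t.endswith(("-SHA", "-MD5")):
            hits.append(t)
    return hits

def beast_exposure(conf):
    """Return (legacy protocols still enabled, CBC suites reachable through them)."""
    d = dict(line.split(None, 1) for line in conf.strip().splitlines())
    legacy = [p for p in enabled_protocols(d["SSLProtocol"]) if p in LEGACY]
    return legacy, (tls10_cbc_suites(d["SSLCipherSuite"]) if legacy else [])

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("hardened", HARDENED)):
        print(label, beast_exposure(conf))
```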