How to secure an Apache server against the "BEAST" attack (CVE-2011-3389)
Issue
- Using Apache httpd server on Red Hat Enterprise Linux. A security scanner marks it as vulnerable to CVE-2011-3389 (aka the "BEAST" attack). How can I make my server secure against this CVE?
- Red Hat's CVE database entry for CVE-2011-3389 doesn't mention any fix for OpenSSL.
- To avoid the BEAST attack, what kind of cipher suites can be used in the httpd configuration?
Environment
- Red Hat Enterprise Linux (RHEL)
- JBoss Enterprise Web Server (JWS)
- Apache httpd server 2.2.x and higher
- openssl