How to secure an Apache server against the "BEAST" attack (CVE-2011-3389)

Solution Unverified - Updated -

Issue

  • Using Apache httpd server on Red Hat Enterprise Linux. A security scanner marks it as vulnerable to CVE-2011-3389 (aka the "BEAST" attack). How can I make my server secure against this CVE?

  • Red Hat's CVE database entry for CVE-2011-3389 doesn't mention any fix for OpenSSL.

  • To avoid the BEAST attack, what kind of cipher suites can be used in the httpd configuration?

Environment

  • Red Hat Enterprise Linux (RHEL)
  • JBoss Enterprise Web Server (JWS)
  • Apache httpd server 2.2.x and higher
  • openssl
