Using Apache httpd server on Red Hat Enterprise Linux. Security scanner marks it as vulnerable to CVE-2011-3389 (aka "BEAST" attack). How can I make my server secure against this CVE ?
Red Hat's CVE database entry for CVE-2011-3389 doesn't mention any fix for OpenSSL.
- To avoid BEAST attack, what kind of cipher suites can be used in httpd configuration.
- Red Hat Enterprise Linux (RHEL)
- JBoss Enterprise Web Server (JWS)
- Apache httpd server 2.2.x and higher
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.