Mitigating the BEAST attack

Discussion in 'Security' started by HTF1, Apr 14, 2014.

  1. HTF1

    Hi,

    I've changed the SSL Cipher Suite to the PCI-recommended one via the Apache global configuration, and then I included the settings listed below in '/usr/local/apache/conf/includes/pre_main_global.conf':

    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLHonorCipherOrder On
    SSLInsecureRenegotiation Off

    Apache was restarted afterwards:

    /usr/local/cpanel/bin/build_apache_conf
    /etc/init.d/httpd restart

    However, the server is still failing the GlobalSign test:

    https://sslcheck.globalsign.com/en_US/

    "Sessions may be vulnerable to BEAST attack
    Attackers may be able to decrypt the encrypted SSL traffic"

    Server details:
    RHEL 5.10
    cPanel 11.40.1 (build 9)
    openssl-0.9.8e-27
    Apache/2.2.27

    Is there anything else that I can do in order to eliminate this vulnerability?

    Regards
     
  2. cPanelMichael

  3. HTF1

    Hi,

    Thanks for your help. It looks like the cipher suite from the link you posted solved my problem.

    Regards
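
The check below is an added example, not part of any post in this thread: it evaluates the SSLProtocol line quoted in the first post and reports whether every enabled protocol is one where BEAST applies to CBC cipher suites. The function names, the expansion of `all`, the default used when the directive is unset, and the handling of a bare (unsigned) protocol name are assumptions of this sketch.

```python
import re

# SSL 3.0 and TLS 1.0 take each CBC record's IV from the previous record,
# the property BEAST depends on. TLS 1.1 and later use explicit IVs.
CHAINED_IV = {"SSLv3", "TLSv1"}
# Assumption: what "all" expands to; set this to match the local OpenSSL build.
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")

def directive(conf, name):
    """Value of the last uncommented occurrence of a directive, or None."""
    hits = re.findall(rf"(?im)^[ \t]*{re.escape(name)}[ \t]+([^#\r\n]+)", conf)
    return hits[-1].strip() if hits else None

def enabled_protocols(value, all_protocols=ALL_PROTOCOLS):
    """Apply tokens left to right: '+' adds, '-' removes, a bare name replaces."""
    canon = {p.lower(): p for p in all_protocols}
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        name = name.lower()
        if name == "all":
            picked = set(all_protocols)
        elif name in canon:
            picked = {canon[name]}
        else:
            continue  # protocol this build does not offer, e.g. SSLv2
        enabled = (enabled - picked if sign == "-" else
                   enabled | picked if sign == "+" else picked)
    return enabled

def audit(conf, all_protocols=ALL_PROTOCOLS):
    """Summarise the protocol side of BEAST exposure for one config text."""
    value = directive(conf, "SSLProtocol") or "all"  # assumed default when unset
    protos = enabled_protocols(value, all_protocols)
    honor = (directive(conf, "SSLHonorCipherOrder") or "off").lower() == "on"
    return {
        "protocols": sorted(protos),
        "chained_iv_protocols": sorted(protos & CHAINED_IV),
        "only_chained_iv": bool(protos) and protos <= CHAINED_IV,
        "server_picks_cipher": honor,  # True: the server's cipher order decides
    }

# The three settings quoted in the first post of this thread.
POSTED = """SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLInsecureRenegotiation Off
"""
if __name__ == "__main__":
    print(audit(POSTED))
```

For the posted settings every enabled protocol is SSLv3 or TLSv1, so the protocol line cannot clear the scanner finding by itself and the result depends on the cipher order the server enforces, which is consistent with the thread being resolved by a different cipher suite.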
     