Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith: > Hi, > Appscan was performed on our application and 2 issues were encountered. Could > anyone please let me know how to resolve these issues ? We use tomcat7. > > Browser Exploit Against SSL/TLS (a.k.a. BEAST) > RC4 cipher suites were detected > (Remove support of SSLv3/TLS1.0 cipher suites with CBC.) Sure. Remove SSL support.
Seriously: With the level of information that you give, what's the level of detail that you expect back? Are you using tomcat only? Do you front it with Apache httpd? nginx? Any loadbalancer or SSL-Terminator (pardon the use of SSL here)? If you only have tomcat, what's the configuration of your https connector? Which of the options that are documented in the connector's documentation (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support or http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html among others) do you need help with? Olaf --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
