Link to home
Start Free TrialLog in
Avatar of Robert Saylor
Robert SaylorFlag for United States of America

asked on

test SSL for BEAST and RC4

I made changes to my apache config to disable RC4 and mitigate against the BEAST vulnerability. How do I test it? Is there a site that checks?
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

I would suggest https://www.ssllabs.com/ssltest/ - that should tell you if you have the BEAST issue, and a lot more.
Avatar of Robert Saylor

ASKER

Thanks, I keep trying to disable SSLv3 but it keeps saying it is open. Also, I tried several ways on RC4 but I keep getting listed too.

Here is my config:

SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP:!kEDH
ASKER CERTIFIED SOLUTION
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks! My overall grade went from a C to a B but the poodle issue is resolved and the RC4 issue is resolved.