Good Evening,

I have recently come to support an OpenBSD e-commerce site that has to pass PCI DSS compliance. It currently fails the BEAST attack scan because the server responds with vulnerable ciphers. I am looking for suggestions on remediating the problem.
Neither of these seems to actually turn off the bad ciphers.

    SSLHonorCipherOrder On
    SSLCipherSuite RC4-SHA:HIGH:!ADH

    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

If there is no real problem I can accept that, but I will need some real statement so I can apply for an exemption.

Thanks
Steve