Thanks... I will me more detailed.
We don't use Apache HTTPD or ngnix. It's just tomcat7. Below is my connector
configuration.
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile=" "
keystorePass=" "/>
Regards,
Amith
-----Original Message-----
From: Olaf Kock [mailto:[email protected]]
Sent: Friday, April 08, 2016 9:29 AM
To: [email protected]
Subject: Re: Appscan Issues
Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith:
> Hi,
> Appscan was performed on our application and 2 issues were encountered. Could
> anyone please let me know how to resolve these issues ? We use tomcat7.
>
> Browser Exploit Against SSL/TLS (a.k.a. BEAST)
> RC4 cipher suites were detected
> (Remove support of SSLv3/TLS1.0 cipher suites with CBC.)
Sure. Remove SSL support.
Seriously: With the level of information that you give, what's the level of
detail that you expect back?
Are you using tomcat only? Do you front it with Apache httpd? nginx? Any
loadbalancer or SSL-Terminator (pardon the use of SSL here)? If you only have
tomcat, what's the configuration of your https connector? Which of the options
that are documented in the connector's documentation
(http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support or
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html among others) do you
need help with?
Olaf
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
