ioerror / duraconf

duraconf - A collection of hardened configuration files for SSL/TLS services
http://www.appelbaum.net/

nginx cipher list vulnerable to BEAST? #12

Open doherty opened 11 years ago

doherty commented 11 years ago

When I used the ciphers listed in the nginx example, and ran the Qualys SSL server test, I was informed that it was vulnerable to BEAST.

I've used ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH instead.
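The Qualys BEAST flag reports whether a pre-TLS 1.2 handshake would end up on a CBC suite, which depends on server preference order as much as on the cipher string itself. The following is an added example, not code from duraconf or from either commenter: it models that selection for doherty's string. The expanded suite list and the client offers are constructed and abridged (real `openssl ciphers -v` output is longer and varies by OpenSSL version); the point it shows is that nginx honours the client's order unless `ssl_prefer_server_ciphers on` is set.

```python
# Added example (not from the duraconf repository or this thread): models how a
# server picks a cipher and whether the SSL Labs BEAST check would flag it.
TLS10, TLS12 = (3, 1), (3, 3)

# Constructed, abridged expansion of doherty's string in server preference
# order (assumption: real `openssl ciphers -v` output differs by version).
SERVER_PREFERENCE = [
    "ECDHE-RSA-AES128-SHA256",
    "AES128-GCM-SHA256",
    "ECDHE-RSA-RC4-SHA",
    "RC4-SHA",
    "ECDHE-RSA-AES256-SHA",
    "AES256-SHA",
    "AES128-SHA",
]

# Constructed offers: a TLS 1.0 client listing CBC first, a TLS 1.2 client.
TLS10_CLIENT_OFFER = ["AES128-SHA", "AES256-SHA", "RC4-SHA", "DES-CBC3-SHA"]
TLS12_CLIENT_OFFER = ["AES128-SHA", "AES128-GCM-SHA256", "RC4-SHA"]


def cipher_mode(name):
    """Classify an OpenSSL suite name as AEAD, stream or CBC."""
    if "GCM" in name:
        return "AEAD"
    if "RC4" in name:
        return "stream"
    return "CBC"


def min_version(name):
    """SHA-2 MAC and GCM suites are only negotiable from TLS 1.2 on."""
    return TLS12 if "GCM" in name or name.endswith(("SHA256", "SHA384")) else (3, 0)


def negotiate(server, client, version, prefer_server_ciphers):
    """Suite the server picks; nginx walks the client's list unless
    ssl_prefer_server_ciphers is on, in which case it walks its own."""
    first, second = (server, client) if prefer_server_ciphers else (client, server)
    for name in first:
        if name in second and min_version(name) <= version:
            return name
    return None


def beast_flagged(server, client, version, prefer_server_ciphers):
    """True when a pre-TLS 1.2 handshake lands on a CBC suite, the condition
    the Qualys scan reports as BEAST-vulnerable."""
    chosen = negotiate(server, client, version, prefer_server_ciphers)
    return chosen is not None and version < TLS12 and cipher_mode(chosen) == "CBC"
```

With the same cipher string, the TLS 1.0 client gets AES128-SHA (flagged) when the client order wins and RC4-SHA (not flagged) when the server order wins, so a report comparison as ioerror asks for should state the `ssl_prefer_server_ciphers` setting alongside the cipher list.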

ioerror commented 11 years ago

Submit a pull request with your diff?

It would also be useful to see two server reports - one for each config.

Ultimately, most browsers have implemented a fix for BEAST - so short of GCM, I think only using RC4 is going to be the surefire thing to stop those kinds of reports. I'm not actually sure I trust RC4 over AES but it sure has been a bad year for CBC!

doherty commented 11 years ago

See #13.