My company uses Qualys to scan for vulnerabilities in our apps. I received a report with four vulnerabilities (related to SSLv3 and ciphers), and I could google each one and land on page from Qualys that specifies a manual command I could run to verify if I passed it or not, after making changes to my configuration.
For example, to verify the passing of QID 38143 - SSL Server Allows Cleartext Communication Vulnerability
:
openssl s_client -connect TARGET_IP:443 -cipher eNULL
However, I could find no such page for QID 42366 - SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)
.
How can I verify if I pass this Qualys QID?