BEAST is an attack against SSL/TLS versions up to TLS 1.0.
Questions tagged [beast]
38 questions
1 vote, 1 answer
Is there a vulnerability when TLS is decrypted, then encrypted with OpenSSL that is vulnerable to BEAST or CRIME?
Assume that the following TLS proxy exists
User <-----> Load Balancer that decrypts, encrypts <------> WebServer
Where the web server is running a vulnerable version of OpenSSL.
Can the user exploit the web server if it is vulnerable to TLS or…
makerofthings7
1 vote, 2 answers
SSL Breach - Does the latest BEAST vulnerability mean SSL Issuers now have to worry about integrity?
Although many SSL certificates have been boasting extravagant guarantees -- typically around $10k minimum to $250k per breach -- to ensure their certificates are valid, to this date, I've heard that there has never been a single payout due to the…
theonlylos
1 vote, 1 answer
RC4-MD5 vs DES-CBC3-SHA
We moved to RC4-MD5 as a mitigation to BEAST attack. But our other teams are saying to use DES-CBC3-SHA.
I want to know if DES-CBC3-SHA is also equivalently secure and mitigates BEAST as well?
Also are the browser compliance different for these…
Novice User
1 vote, 2 answers
Clients breaking after avoiding RC4-MD5
As per http://projects.webappsec.org/w/page/13246945/Insufficient%20Transport%20Layer%20Protection , we have been recommended to stop using RC4-MD5.
The clients supported by our Application are IE 8 and above, Safari 5 and above, Chrome 18 and…
Novice User
1 vote, 2 answers
Are disabling TLS 1.0, enabling RC4 or using TLS1.0 with AES only, the only ways to mitigate BEAST server-side?
I understand that BEAST is very hard to exploit and mostly fixed by modern browsers already.
Also, enabling RC4 will introduce other risks.
So, if you still want to mitigate the almost impossible exploitable BEAST attack, at the server-side only!…
Bob Ortiz
0 votes, 1 answer
Beast attack and Qualys SSL test
If a server supports
| SSLv3: No supported ciphers found
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| …
jmj
0 votes, 3 answers
Hardened SSL ciphers for Nginx as AWS/Cloudfront Custom Origin
Based on recommendations, we recently attempted to harden our Nginx SSL configuration against BEAST/CRIME/BREACH attacks with the following stanza:
ssl_prefer_server_ciphers on;
ssl_ciphers…
David Eyk
0 votes, 1 answer
BEAST attack on TLS1.2?
It is my understanding that BEAST only works on TLS1.0 and I got confused when I saw a demonstration of BEAST attack on paypal.com, locally: https://www.youtube.com/watch?v=BTqAIDVUvrU
Paypal uses TLS1.2, so I'm not sure how the attack could reveal…
George