Customer had a scan done, and two things popped out that need to be resolved.  So just wondering if the fix is to upgrade the IOS to 8.4 code from 8.0(33), or if there is something to change in the configuration.  They use SSL VPN service, and EZVPN/ClientVPN, which appears to be where the below is coming from.

First one is

BEAST (Browser Exploit Against SSL/TLS) Vulnerability

The SSL protocol encrypts data by using CBC mode with chained

initialization vectors. This allows an attacker, which is has gotten

access to an HTTPS session via man-in-the-middle (MITM) attacks or

other means, to obtain plain text HTTP headers via a blockwise

chosen-boundary attack (BCBA) in conjunction with Javascript code

that uses the HTML5 WebSocket API, the Java URLConnection API,

or the Silverlight WebClient API. This vulnerability is more commonly

referred to as Browser Exploit Against SSL/TLS or "BEAST".

Second is

Aggressive Mode IKE supported on VPN Device

The remote host is a VPN concentrator that supports Aggressive

mode IKE. By creating a series of IKE aggressive mode proposals,

and sending those proposals to the VPN concentrator, an acceptable

proposal for Aggressive Mode IKE was discovered. In Aggressive

Mode IKE, the response from the VPN concentrator includes an

authentication hash based on a pre-shared key (PSK). This hash is

not encrypted, so if it is captured in transit, a dictionary or brute force

attack against the hash can potentially allow for the recovery of the

PSK, and the exposure potentially sensitive information from VPN

sessions. In rare cases where the PSK is the sole means for

authentication to the VPN, attackers can use it to authenticate against

the VPN and intrude the network