05-23-2014 10:17 AM - edited 03-10-2019 09:44 PM
Hi,
We are trying to reduce our susceptibility to the SSL BEAST information disclosure vulnerability regarding our ACS 5.3.40 system.
It's been suggested that we consider some defensive measures such as cipher suite selection.
Wherever possible, we should ensure that servers and clients that support TLS/SSL are configured to support TLS versions 1.1 and 1.2, not just SSLv3 and TLSv1.0, which is often the default configuration.
Can you advise how this is done within the ACS 5.3.40 application? Is it just a case of patching to another level?
(The SSLv3 and TLSv1.0 defaults are not deemed strong enough.)
Thanks.