7.20 Browser Exploit Against SSL/TLS Attack During SSL Communication

To avoid Browser Exploit Against SSL/TLS (BEAST) attacks, create and configure the sslsettings.conf file in the /var/novell directory. Customizing the SSLCipherSuite used by the Access Gateway Appliance lets you take preventive measures when new vulnerabilities are published.

In the sslsettings.conf file, add the following:

SSLHonorCipherOrder=on

SSLCipherSuite=<value>

The default cipher setting is !aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL.

For example, you can replace <value> as follows:

SSLHonorCipherOrder=on

SSLCipherSuite=!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL

For more information on the format and the set of options you can specify in the value, see the OpenSSL documentation.

Restart the Access Gateway Appliance.
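
The following check for the two entries described above is an added example, not part of the product or its documentation. It assumes the KEY=VALUE layout shown in this section and that lines starting with # are comments; the function names and the second sample are constructed for illustration.

```python
# Added example: audits sslsettings.conf text against this section's settings.
# Assumptions: KEY=VALUE lines as shown on the page; '#' comment lines are skipped.

# Exclusions taken from the default cipher setting quoted in this section.
REQUIRED_EXCLUSIONS = ("!aNULL", "!eNULL", "!EXPORT", "!DSS", "!DES")

# The example value from this section.
PAGE_EXAMPLE = """\
SSLHonorCipherOrder=on
SSLCipherSuite=!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL
"""

# Constructed sample of a misconfigured file.
CONSTRUCTED_BAD = """\
SSLHonorCipherOrder=off
SSLCipherSuite=ALL:RC4-SHA:!aNULL:!eNULL
"""


def parse_settings(text):
    """Return a dict of KEY=VALUE settings; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    settings = parse_settings(text)
    findings = []
    if settings.get("SSLHonorCipherOrder", "").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on; the server's cipher order is not enforced")
    suite = settings.get("SSLCipherSuite", "")
    if not suite or suite == "<value>":
        return findings + ["SSLCipherSuite is unset or still the <value> placeholder"]
    tokens = suite.split(":")
    findings += [f"missing exclusion {e}" for e in REQUIRED_EXCLUSIONS if e not in tokens]
    # OpenSSL ignores a cipher that is already in the list, so a plain name
    # placed after ALL does not change the preference order.
    if "ALL" in tokens:
        for tok in tokens[tokens.index("ALL") + 1:]:
            if tok and tok[0] not in "!-+@":
                findings.append(f"{tok} follows ALL and has no effect on order")
    return findings


if __name__ == "__main__":
    for name, text in (("page example", PAGE_EXAMPLE), ("constructed bad", CONSTRUCTED_BAD)):
        print(name, audit(text) or "OK")
```

To check a real file, pass its contents to audit(), for example audit(open("/var/novell/sslsettings.conf").read()).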