Create and configure the sslsettings.conf file located in the /var/novell directory to avoid Browser Exploit Against SSL/TLS (BEAST) attacks. Customizing the SSLCipherSuite used by the Access Gateway Appliance helps you in taking preventive measures when new vulnerabilities are published.
In the sslsettings.conf file, add the following:
SSLHonorCipherOrder=on
SSLCipherSuite=<value>
The default cipher setting that is available is !aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL.
For example, you can replace the <value> with the following:
SSLHonorCipherOrder=on
SSLCipherSuite=!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL
For more information on the format and set of options you can specify in the value, see OpenSSL documentation.
Restart the Access Gateway Appliance.