[jetty-users] BEAST Mitigation?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jetty-users] BEAST Mitigation?

Eric Y. Theriault

I'm trying to get a Jetty-based application through our PCI DSS
Certification Process and one of the new things that has popped up is
the BEAST Attack.  Since the application is web-facing, I can't really
turn off support for anything below TLS 1.1, and while it appears Jetty
supports me ordering protocols to mitigate it, I'm not sure if that is
sufficient to pass a PCI DSS test.  Does anyone have workarounds,
information or advice?  Thanks!


jetty-users mailing list
[hidden email]