[jetty-users] BEAST Mitigation?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] BEAST Mitigation?

From: "Eric Y. Theriault" <eric@xxxxxx>
Date: Thu, 31 May 2012 20:59:30 -0700
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
Organization: http://www.eyt.ca/
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1

Hi--

I'm trying to get a Jetty-based application through our PCI DSSCertification Process and one of the new things that has popped up isthe BEAST Attack. Since the application is web-facing, I can't reallyturn off support for anything below TLS 1.1, and while it appears Jettysupports me ordering protocols to mitigate it, I'm not sure if that issufficient to pass a PCI DSS test. Does anyone have workarounds,information or advice? Thanks!




eyt*

Prev by Date: [jetty-users] java.lang.IllegalStateException: !Selecting
Next by Date: Re: [jetty-users] java.lang.IllegalStateException: !Selecting
Previous by thread: [jetty-users] java.lang.IllegalStateException: !Selecting
Next by thread: [jetty-users] JNDI Demo for Jetty 8
Index(es):
- Date
- Thread

Breadcrumbs