The following issues appeared in the report generated when scanning the site with IBM Security AppScan Standard: "RC4 Cipher Suite Detected" and "Browser Exploit Against SSL/TLS (a.k.a. BEAST)".
Operating system: Oracle Linux 6.1
Middleware: apache-tomcat-7.0.67
The problem is as follows:
RC4 Cipher Suite Detected
Browser Exploit Against SSL/TLS (a.k.a. BEAST)
To resolve these findings, restrict the cipher suites on the HTTPS connector in Tomcat's conf/server.xml so that no RC4 suite is offered:

<!-- maxThreads: the value is missing from the original post; set it for your deployment -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="443" SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="conf\keystore.jks" keystorePass="Password"
           clientAuth="false" sslProtocol="TLS"
           ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" />
Once configured, restart Tomcat and run the scan again; the newly generated report shows that the corresponding issues have been resolved.
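A pre-scan check for the connector change above, as an added example (not code from the original article): it parses a server.xml and reports, for each SSL-enabled connector, any RC4 or other weak suites still named in `ciphers`, or the absence of an explicit list. The sample XML, the `WEAK_TOKENS` deny list and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not the article's server): 8443 has no
# cipher list, 9443 still names an RC4 suite, 443 uses the article's list.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA"/>
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                      TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
</Service></Server>"""

# Assumed deny list: name components that mark a suite as weak.
WEAK_TOKENS = {"RC4", "NULL", "EXPORT", "ANON", "DES", "MD5"}


def weak_suites(ciphers):
    """Return the suites in a comma-separated list that contain a weak token."""
    found = []
    for suite in (s.strip() for s in ciphers.split(",")):
        # Compare whole name components so "SHA256" or "AES" never match.
        if suite and WEAK_TOKENS & set(suite.upper().split("_")):
            found.append(suite)
    return found


def audit_connectors(server_xml):
    """Map each SSL-enabled connector's port to a list of findings."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings[conn.get("port")] = ["no explicit ciphers attribute"]
        else:
            findings[conn.get("port")] = weak_suites(ciphers)
    return findings


if __name__ == "__main__":
    for port, issues in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not issues else issues)
```

An empty list for a port means every suite named on that connector passed the deny list; the scanner's own report remains the final check.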
This article is from "The girl said" blog, please be sure to keep this source http://sugarlovecxq.blog.51cto.com/6707742/1908664
Resolving the RC4 cipher suite issue detected by an IBM Security AppScan scan