Hi--
I'm trying to get a Jetty-based application through our PCI DSS Certification Process and one of the new things that has popped up is the BEAST Attack. Since the application is web-facing, I can't really turn off support for anything below TLS 1.1, and while it appears Jetty supports me ordering protocols to mitigate it, I'm not sure if that is sufficient to pass a PCI DSS test. Does anyone have workarounds, information or advice? Thanks!
eyt* _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
