I read an article in the BEAST Registry that led me to an SO post about SslStream, BEAST, and TLS 1.1.
It seems that the best way to mitigate this vulnerability is to prefer a non-CBC cipher suite such as rc4-sha.
Does Heroku currently prefer CBC connections? If so, does this mean that there are currently dynamic processors for BEAST clients?
I found the OWASP manual for testing SSL-TLS and did some local tests.
I also found Qualys SSL Labs test results for Heroku:
Cipher Suites (SSLv3+ suites in server-preferred order, then SSLv2 suites where used)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 1, Ys: 128) 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) 168
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_* , , Heroku BEAST.
BEAST INSECURE ()
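Added example, not part of the original post: a small Python check that parses the SSL Labs listing quoted above (server-preferred order) and reports whether CBC suites are ranked ahead of the first non-CBC suite, which is the condition the question asks about. The function names and the client offer in the test are constructed for illustration; it assumes the server enforces its own preference order, as the SSL Labs heading states.

```python
import re

# Suite list copied from the SSL Labs output quoted in the post.
SSLLABS_LISTING = """\
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 1, Ys: 128) 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) 168
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
"""

SUITE_RE = re.compile(
    r"^(TLS_\w+_WITH_\w+)\s+\((0x[0-9a-fA-F]+)\)(?:\s+DH\s+(\d+)\s+bits)?.*?\s(\d+)\s*$")

def parse_listing(text):
    """Parse 'NAME (0xID) [DH n bits (...)] strength' lines, keeping their order."""
    suites = []
    for line in text.splitlines():
        m = SUITE_RE.match(line.strip())
        if not m:
            continue  # skip headings and damaged lines
        name, code, dh_bits, strength = m.groups()
        cipher = name.split("_WITH_", 1)[1]  # e.g. AES_256_CBC_SHA
        suites.append({"name": name, "id": int(code, 16),
                       "cbc": "_CBC_" in cipher, "rc4": cipher.startswith("RC4_"),
                       "dh_bits": int(dh_bits) if dh_bits else None,
                       "bits": int(strength)})
    return suites

def negotiate(suites, client_offer):
    """Server-preference selection: first server suite the client also offers."""
    offered = set(client_offer)
    return next((s for s in suites if s["name"] in offered), None)

def beast_assessment(suites):
    """Report which CBC suites outrank the first non-CBC suite."""
    if not suites:
        raise ValueError("no suites parsed")
    first = next((i for i, s in enumerate(suites) if not s["cbc"]), None)
    return {"preferred": suites[0]["name"],
            "prefers_cbc": suites[0]["cbc"],
            "cbc_ranked_above_non_cbc": [s["name"] for s in suites[:first]],
            "first_non_cbc": suites[first]["name"] if first is not None else None}

if __name__ == "__main__":
    print(beast_assessment(parse_listing(SSLLABS_LISTING)))
```

For the listing above, the report shows all six CBC suites ranked ahead of RC4, so a client that offers both ends up on CBC. RFC 7465 later prohibited RC4 in TLS, so on a current server the same ordering check is better pointed at AEAD suites under TLS 1.2 or later.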