Our site has recently been flagged for allowing "BEAST (Browser Exploit Against SSL/TLS) Vulnerability". We're being advised to "disable all block-based cipher suites in the server's SSL configuration and only support RC4 ciphers" or at minimum to "configure SSL to prefer RC4 ciphers over block-based ciphers to limit, but not eliminate, exposure". I can find no reference to any of this or how to accomplish it. Thanks,
