Just installed my third party certificates onto the Mobility server. My supplier Thawte says my server is vulnerable on two fronts.

It is vulnerable to a BEAST attack and it uses the RC4 cipher algorithm.

I found this Cool Solution https://www.novell.com/communities/c...vulnerability/
BUT it is for Data Synchronizer not Mobility. there is no access to the connector xml from the web admin. So I think I found the connector xml at /etc/datasync/configengine/engines/default/pipelines/pipeline1/connectors/mobility BUT theses tags don't exist

<sslMethod>value</sslMethod>
<sslCiphers>list</sslCiphers>

Do I just add them?

I also found this forum thread,
https://forums.novell.com/showthread...ers-and-SSL2-0
but there is no notice of the issue being resolved.

It is also running TLS1.0 and the certificate authority recommends TLS1.2.


I am running Version: 14.2.0 Build: 279