DESCRIPTION: Why is my SRA failing a PCI scan for BEAST?
RESOLUTION: You can configure the SRA to use only RC4 on the "diag page".
In the address bar of the browser you are managing the SRA with, replace "management" with "diag".
Click "Internal Settings".
Here you can check "Use only RC4 Cipher for SSL Transactions".
Then click "Accept" in the top right-hand corner and then click "Go Back".
However, RC4 is no longer considered secure, and enabling this setting will prevent Windows 8.1 machines from connecting.
Qualys, one of the most popular PCI scanners, no longer penalizes a server for not using RC4 to mitigate BEAST.
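The trade-off above, written as a check over scan results (an added example, not part of the original article or any vendor tooling). It assumes OpenSSL-style cipher suite names, and the sample rows and function names are constructed for illustration.

```python
# Added example: classify (protocol, cipher suite) pairs recorded by a TLS scan.
# Assumptions: OpenSSL-style suite names; NULL and export suites are out of scope.

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
# BEAST relies on the predictable CBC IV used by SSL 3.0 and TLS 1.0.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0"}


def cipher_mode(suite):
    """Return 'rc4', 'aead' or 'cbc' for an OpenSSL-style suite name."""
    name = suite.upper()
    if "RC4" in name:
        return "rc4"
    if any(marker in name for marker in AEAD_MARKERS):
        return "aead"
    # Remaining block-cipher suites (AES, 3DES, Camellia, ...) run in CBC mode,
    # even though OpenSSL names such as AES128-SHA do not say "CBC".
    return "cbc"


def assess(protocol, suite):
    """Return the list of findings for one negotiated protocol/suite pair."""
    findings = []
    mode = cipher_mode(suite)
    if mode == "rc4":
        findings.append("RC4: cipher no longer considered secure")
    if mode == "cbc" and protocol in LEGACY_PROTOCOLS:
        findings.append("BEAST: CBC suite on SSL 3.0/TLS 1.0")
    return findings


def summarize(rows):
    """Map each (protocol, suite) row to its findings."""
    return {row: assess(*row) for row in rows}


# Constructed sample: one row per handshake a scanner completed.
SAMPLE = [
    ("TLSv1", "AES128-SHA"),        # CBC on TLS 1.0
    ("TLSv1", "RC4-SHA"),           # the "RC4 only" setting
    ("TLSv1.2", "AES128-SHA"),      # CBC, but explicit IV
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
]

if __name__ == "__main__":
    for (proto, suite), findings in summarize(SAMPLE).items():
        print(f"{proto:8} {suite:30} {', '.join(findings) or 'no finding'}")
```

The RC4-only row clears the BEAST finding but raises the RC4 one, which is the exchange the resolution above describes.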
BEAST is a client-side vulnerability and most major browsers have addressed it according to this link:
“RC4 is no longer enabled by default for TLS. Applications (such as Internet Explorer) might fail to connect if they depend on RC4. You can enable RC4 support by configuring these registry keys with the following REG command: