All,
I'm new to the list but have been using Pound for several years.
I'm trying to get Pound to pass PCI/DSS.
My scanning vendor is failing it, indicating that SSLv2 is enabled. My
Ciphers parameter in pound.cfg is as follows:

    ListenHTTPS
        Address 0.0.0.0
        Port 443
        Cert "/etc/contractpal.net.pem"
        Err414 "/etc/pound_414.html"
        Err500 "/etc/pound_500.html"
        Err501 "/etc/pound_501.html"
        Err503 "/etc/pound_503.html"
        Ciphers "-ALL +SSLv3 +TLSv1"

When I run a test to see if Pound is accepting SSLv2 connections, I get the
following:

    New, SSLv2, Cipher is DES-CBC3-MD5
    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : SSLv2

What do I need to do to disable SSLv2?
Rob