Hi, on a fairly old of our systems of ours (Pound 2.3), a recent PCI-DSS scan has discovered SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270 Is there a way around this using pound.cfg alone, by using the Ciphers configuration options? Currently, we have it set to Ciphers "HIGH:!SSLv2" >From my understanding not, because pound probably uses OpenSSL (which is at 0.9.8e on that system) to work according to the "Ciphers" config option, but I thought I'd still ask. Thanks for your insight, Andreas. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
