Hi Lubomir, thanks!
> For 2011-3389, I need to disable ciphers deemed unsecure. The solution > for Apache would be this: > > SSLHonorCipherOrder On > SSLCipherSuite RC4-SHA:HIGH:!ADH > > > Pound 2.7a contains a fix, at GoodData we use the following configuration: > > Ciphers "!EXPORT:!SSLv2:!MD5:!aNULL:!NULL:!LOW:RC4:RSA:ALL" > SSLHonorCipherOrder 1 > So this won't work on 2.6? Is there a patch available for 2.6? I'm not too keen on using a version which is labeled "experimental". > For 2012-4929, I need to turn off SSL Compression. > > > This is what we use to address the issue (not sure what's needed in > order to get that patch merged): > > http://www.apsis.ch/pound/pound_list/archive/2013/2013-02/1360766010000#1360766010000 >From the message I can't tell whether the patch is for 2.6 or 2.7. Can you enlighten me? I'd really like to stick to 2.6. > You need to rebuild your package. No problem, as I'm already doing that (I need a larger MAXBUF setting than used in the Debian packageS). Thanks again, Andreas. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
