Hi,
Pound uses OpenSSL for SSL/TLS. That means all the available features
depend on your OpenSSL installation.
There is a directive "Ciphers" for defining custom cipher lists in the
Pound configuration file (see Pound manual page). It expects a regular
OpenSSL cipher list. A leading exclamation mark excludes a cipher. For
Example:
Ciphers "ALL:!SSLv2"
You can use OpenSSL to test and check cipher lists. The command "openssl
ciphers -v 'ALL:!SSLv2'" is a good starting point ... take a look at the
manual page (man ciphers) or search Google for OpenSSL cipher lists.
Hope this helps :-)
Kind regards,
Leo
On 02/24/2014 04:54 PM, Ute Carstens wrote:
> Is it possible to disable SSLv3? The german BSI recommends
> it and one of our customers wants us to disable SSLv3 on the
> pound-instance we configured for them.
>
> If not - Is it possible to loadbalance the SSL-Traffic and
> let the Tomcat servers terminate the SSL-Session?
>
> Kind Regards
>
> Ute
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
>
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
