Hi, thank you for answering, but that doesn't really help. We use Pound-2.7b on a Debian wheezy with openssl 1.0.1e. openssl ciphers -v "ALL:-SSLv3" returns only TLSv1.2 ciphers. (And I tried so many combinations now, that I got sick)
The customer wants TLSv1.1 and TLSv1.2 active and only SSLv3 and TLSv1.0 disabled. If this is not possible, only SSLv3 disabled. For SSLv2 there was the DisableSSLv2 option. I hoped there could be something similar for SSLv3. If not, perhaps we need a different solution. Kind Regards Ute > Hi, > > Pound uses OpenSSL for SSL/TLS. That means all the available features > depend on your OpenSSL installation. > > There is a directive "Ciphers" for defining custom cipher lists in the > Pound configuration file (see Pound manual page). It expects a regular > OpenSSL cipher list. A leading exclamation mark excludes a cipher. For > Example: > > Ciphers "ALL:!SSLv2" > > You can use OpenSSL to test and check cipher lists. The command "openssl > ciphers -v 'ALL:!SSLv2'" is a good starting point ... take a look at the > manual page (man ciphers) or search Google for OpenSSL cipher lists. > > Hope this helps :-) > > Kind regards, > Leo > > > On 02/24/2014 04:54 PM, Ute Carstens wrote: > > Is it possible to disable SSLv3? The german BSI recommends > > it and one of our customers wants us to disable SSLv3 on the > > pound-instance we configured for them. > > > > If not - Is it possible to loadbalance the SSL-Traffic and > > let the Tomcat servers terminate the SSL-Session? > > > > Kind Regards > > > > Ute > > > > -- > > To unsubscribe send an email with subject unsubscribe to [email protected]. > > Please contact [email protected] for questions. > > > > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. -- Pelikan & Partner WWW : http://www.ppp.net PPP Internetdienstleistungen GmbH E-Mail : [email protected] Holzdamm 40 Telefon : +49-40-284022-40 20099 Hamburg Telefax : +49-40-284022-42 Geschäftsführer: Lutz Pelikan, Martin Stöckle Sitz: Hamburg, Amtsgericht: Hamburg, HRB 63374 -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
