If you're willing to hardcode and recompile, at least temporarily, then just stick the line:

    SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv3);

in Pound's config.c. I did it between these two lines and it worked:

    SSL_CTX_set_options(pc->ctx, ssl_op_enable);
    SSL_CTX_clear_options(pc->ctx, ssl_op_disable);

On 10/15/2014 05:11 PM, Nick Rogers wrote:
>
> On Wed, Oct 15, 2014 at 2:29 PM, Joe Gooch <[email protected]> wrote:
>
>     That would fall on OpenSSL to implement... Which they did... A patch
>     went out yesterday. It's doubtful many distros have it yet. Once
>     the library supports it we can.
>
>     I plan on whipping up a disablesslv3 option in the next couple
>     days... I can do something similar with fallback scsv at that time.
>
> I would definitely be interested in the disable SSLv3 option, as I am
> currently in the unfortunate position of needing to disable SSLv3 on my
> pound servers that are running openssl 0.9.8, and outright disabling
> SSLv3 ciphers effectively disables TLS 1.0. Updating pound is probably
> going to be more realistic than OpenSSL in the short term. Thanks.
>
>     Joe
>
>     On 10/15/14, 4:55 PM, Root Kev wrote:
>>     Hello,
>>
>>     Is there any known way to implement the "TLS_FALLBACK_SCSV
>>     <https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>"
>>     feature in pound?
>>
>>     Thanks,
>>
>>     Kevin
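
The two server-side behaviours discussed in this thread, as an added example that is not part of the original messages and is not Pound or OpenSSL code: removing SSLv3 from the accepted protocol versions (what SSL_OP_NO_SSLv3 does, leaving TLS 1.0 usable) and the TLS_FALLBACK_SCSV check from the linked draft. The function negotiate() and the sample arrays are hypothetical and constructed for illustration; the cipher suite value 0x5600 and alert 86 are the ones assigned to the fallback SCSV mechanism.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wire values from the TLS specs and the fallback-SCSV draft (later RFC 7507). */
enum { SSL3 = 0x0300, TLS1_0 = 0x0301, TLS1_1 = 0x0302, TLS1_2 = 0x0303 };
enum { TLS_FALLBACK_SCSV = 0x5600 };
enum { ALERT_PROTOCOL_VERSION = 70, ALERT_INAPPROPRIATE_FALLBACK = 86 };

/* Hypothetical model of server-side hello handling, not Pound or OpenSSL code.
 * enabled[] lists the protocol versions the server still accepts.
 * Returns the negotiated version, or a negative fatal alert number. */
int negotiate(const uint16_t *enabled, size_t n_enabled, uint16_t client_version,
              const uint16_t *suites, size_t n_suites)
{
    uint16_t server_max = 0, chosen = 0;
    for (size_t i = 0; i < n_enabled; i++) {
        if (enabled[i] > server_max)
            server_max = enabled[i];
        if (enabled[i] <= client_version && enabled[i] > chosen)
            chosen = enabled[i];
    }
    /* SCSV rule: the client says it is retrying at a lower version than it
     * supports; refuse if the server could have spoken something higher. */
    for (size_t i = 0; i < n_suites; i++)
        if (suites[i] == TLS_FALLBACK_SCSV && server_max > client_version)
            return -ALERT_INAPPROPRIATE_FALLBACK;
    if (chosen == 0)
        return -ALERT_PROTOCOL_VERSION; /* no version in common */
    return chosen;
}

/* Constructed sample data: server version lists and client cipher suite lists. */
static const uint16_t no_sslv3[] = { TLS1_0, TLS1_1, TLS1_2 };
static const uint16_t with_sslv3[] = { SSL3, TLS1_0, TLS1_1, TLS1_2 };
static const uint16_t plain[] = { 0x002F, 0x0035 };
static const uint16_t retry[] = { 0x002F, 0x0035, TLS_FALLBACK_SCSV };

int main(void)
{
    printf("%d\n", negotiate(no_sslv3, 3, SSL3, plain, 2));     /* -70 */
    printf("%d\n", negotiate(no_sslv3, 3, TLS1_0, plain, 2));   /* 769 */
    printf("%d\n", negotiate(with_sslv3, 4, SSL3, retry, 3));   /* -86 */
    printf("%d\n", negotiate(with_sslv3, 4, TLS1_2, retry, 3)); /* 771 */
    return 0;
}
```

A server with SSLv3 removed rejects an SSLv3-only hello but still negotiates TLS 1.0, while a server that keeps SSLv3 relies on the SCSV check to refuse a downgraded retry.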
