On Wed, Oct 15, 2014 at 3:25 PM, Xan Charbonnet <[email protected]> wrote:
> If you're willing to hardcode and recompile, at least temporarily, then
> just stick the line:
>
> SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv3);
>
> in Pound's config.c. I did it between these two lines and it worked:
>
> SSL_CTX_set_options(pc->ctx, ssl_op_enable);
> SSL_CTX_clear_options(pc->ctx, ssl_op_disable);
>

Thanks. What version of pound are you using?

> On 10/15/2014 05:11 PM, Nick Rogers wrote:
> >
> > On Wed, Oct 15, 2014 at 2:29 PM, Joe Gooch <[email protected]> wrote:
> >
> > That would fall on OpenSSL to implement... Which they did... A patch
> > went out yesterday. It's doubtful many distros have it yet. Once
> > the library supports it we can.
> >
> > I plan on whipping up a disablesslv3 option in the next couple
> > days... I can do something similar with fallback scsv at that time.
> >
> >
> > I would definitely be interested in the disable SSLv3 option, as I am
> > currently in the unfortunate position of needing to disable SSLv3 on my
> > pound servers that are running openssl 0.9.8, and outright disabling
> > SSLv3 ciphers effectively disables TLS 1.0. Updating pound is probably
> > going to be more realistic than OpenSSL in the short term. Thanks.
> >
> >
> > Joe
> >
> >
> > On 10/15/14, 4:55 PM, Root Kev wrote:
> >> Hello,
> >>
> >> Is there any known way to implement the "TLS_FALLBACK_SCSV
> >> <https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>"
> >> feature in pound?
> >>
> >> Thanks,
> >>
> >> Kevin
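
The server-side check behind the TLS_FALLBACK_SCSV feature asked about in this thread, as an added example that is not part of any message above and is not OpenSSL's or Pound's code. The function name, the sample bytes and the return convention are assumptions; the suite value 0x5600 and alert number 86 are the ones published in RFC 7507, the final form of the linked draft.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define TLS_FALLBACK_SCSV 0x5600        /* cipher suite {0x56,0x00} (RFC 7507) */
#define ALERT_INAPPROPRIATE_FALLBACK 86 /* fatal alert the server answers with */

/* Hypothetical helper (not an OpenSSL or Pound function): inspect a ClientHello
 * body, i.e. the bytes after the 4-byte handshake header. Returns 0 to carry
 * on, -1 if the hello is malformed, or the alert number when the client marked
 * this hello as a downgraded retry and the server supports a higher version. */
int check_fallback_scsv(const uint8_t *b, size_t len, uint16_t server_max)
{
    if (len < 2 + 32 + 1) return -1;          /* version, random, session-id length */
    uint16_t client_version = (uint16_t)((b[0] << 8) | b[1]);
    size_t sid_len = b[34], off = 35;
    if (sid_len > 32 || len - off < sid_len + 2) return -1;
    off += sid_len;
    size_t cs_len = ((size_t)b[off] << 8) | b[off + 1];
    off += 2;
    if (cs_len == 0 || (cs_len & 1) || len - off < cs_len) return -1;
    for (size_t i = 0; i < cs_len; i += 2) {
        uint16_t suite = (uint16_t)((b[off + i] << 8) | b[off + i + 1]);
        if (suite == TLS_FALLBACK_SCSV && client_version < server_max)
            return ALERT_INAPPROPRIATE_FALLBACK;
    }
    return 0;
}

/* Constructed sample: ClientHello body of an SSLv3 (0x0300) retry with a zero
 * random, empty session id, suites 0x002f and TLS_FALLBACK_SCSV, null compression. */
const uint8_t SAMPLE_SSLV3_RETRY[43] = {
    [0] = 0x03, [1] = 0x00,                  /* client_version */
    [36] = 4,                                /* cipher_suites length (bytes) */
    [38] = 0x2f, [39] = 0x56, [40] = 0x00,   /* 0x002f, 0x5600 */
    [41] = 1,                                /* one compression method: null */
};

int main(void)
{
    size_t n = sizeof SAMPLE_SSLV3_RETRY;
    printf("server max TLS 1.2: %d\n", check_fallback_scsv(SAMPLE_SSLV3_RETRY, n, 0x0303));
    printf("server max SSLv3:   %d\n", check_fallback_scsv(SAMPLE_SSLV3_RETRY, n, 0x0300));
    return 0;
}
```

The check only fires when the server could have negotiated something newer than the client offered, so a server whose highest version is SSLv3 accepts the same hello.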
