Same seems fine for 2.7c. 

Thanks for the easy fix.

I tested using this:

echo GET | openssl s_client -connect my.ssl-server.com:443 -prexit -no_tls1 -no_tls1_1 -no_tls1_2

-R

-----Original Message-----
From: Xan Charbonnet [mailto:[email protected]] 
Sent: Thursday, 16 October 2014 10:21 AM
To: [email protected]
Subject: Re: [Pound Mailing List] Poodle Exploit

That was in 2.6.4 from Debian Jessie.


On 10/15/2014 06:09 PM, Nick Rogers wrote:
> 
> 
> On Wed, Oct 15, 2014 at 3:25 PM, Xan Charbonnet <[email protected]> wrote:
> 
>     If you're willing to hardcode and recompile, at least temporarily, then
>     just stick the line:
> 
>     SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv3);
> 
>     in Pound's config.c.  I did it between these two lines and it worked:
> 
>     SSL_CTX_set_options(pc->ctx, ssl_op_enable);
>     SSL_CTX_clear_options(pc->ctx, ssl_op_disable);
> 
> 
> Thanks. What version of pound are you using?
>  
> 
> 
> 
> 
> 
>     On 10/15/2014 05:11 PM, Nick Rogers wrote:
>     >
>     >
>     > On Wed, Oct 15, 2014 at 2:29 PM, Joe Gooch <[email protected]> wrote:
>     >
>     >     That would fall on OpenSSL to implement... Which they did... A patch
>     >     went out yesterday.  It's doubtful many distros have it yet.  Once
>     >     the library supports it we can.
>     >
>     >     I plan on whipping up a disablesslv3 option in the next couple
>     >     days... I can do something similar with fallback scsv at that time.
>     >
>     >
>     > I would definitely be interested in the disable SSLv3 option, as I am
>     > currently in the unfortunate position of needing to disable SSLv3 on my
>     > pound servers that are running openssl 0.9.8, and outright disabling
>     > SSLv3 ciphers effectively disables TLS 1.0. Updating pound is probably
>     > going to be more realistic than OpenSSL in the short term. Thanks.
>     >
>     >
>     >
>     >
>     >     Joe
>     >
>     >
>     >     On 10/15/14, 4:55 PM, Root Kev wrote:
>     >>     Hello,
>     >>
>     >>     Is there any known way to implement the "TLS_FALLBACK_SCSV
>     >>     <https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>"
>     >>     feature in pound?
>     >>
>     >>     Thanks,
>     >>
>     >>     Kevin
>     >
>     >
> 
>     --
>     To unsubscribe send an email with subject unsubscribe to
>     [email protected].
>     Please contact [email protected] for questions.
> 
> 

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
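
Added example, not part of the original thread or of Pound's code: the same SSLv3-only check as the s_client test at the top of this message, for hosts whose openssl binary is built without SSLv3 support. It sends a raw SSLv3 ClientHello and classifies the server's first reply; the function names and the cipher-suite list are assumptions chosen for illustration.

```python
import socket
import struct

SSL3 = (3, 0)  # wire version 0x0300
ALERTS = {40: "handshake_failure", 70: "protocol_version"}  # subset, for readable output

def build_sslv3_client_hello():
    """Return one SSLv3 record carrying a ClientHello (SSLv3 has no extensions)."""
    suites = [0x0035, 0x002F, 0x000A, 0x0005]   # assumed list: CBC and RC4 suites
    body = bytes(SSL3) + bytes(32)              # client_version + random (zeros: probe only)
    body += b"\x00"                             # empty session_id
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                         # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(SSL3) + struct.pack(">H", len(handshake)) + handshake

def classify_reply(data):
    """Interpret the first bytes the server sent back after the SSLv3-only hello."""
    if not data:
        return "rejected (connection closed)"
    if len(data) < 7:
        return "unrecognised reply"
    if data[0] == 0x15:                         # alert record: level, description
        return "rejected (alert %s)" % ALERTS.get(data[6], data[6])
    if data[0] == 0x16 and data[5] == 0x02 and len(data) >= 11:
        if tuple(data[9:11]) == SSL3:           # ServerHello.server_version
            return "SSLv3 ACCEPTED"
        return "negotiated %d.%d" % (data[9], data[10])
    return "unrecognised reply"

def probe(host, port=443, timeout=5.0):
    """Send the hello to host:port and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            data = s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_reply(data)
```

Calling probe() with your own server's hostname should return one of the "rejected" results once SSL_OP_NO_SSLv3 is in effect.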
