Same seems fine for 2.7c. Thanks for the easy fix.
I tested using this:

echo GET | openssl s_client -connect my.ssl-server.com:443 -prexit -no_tls1 -no_tls1_1 -no_tls1_2 -R

-----Original Message-----
From: Xan Charbonnet [mailto:[email protected]]
Sent: Thursday, 16 October 2014 10:21 AM
To: [email protected]
Subject: Re: [Pound Mailing List] Poodle Exploit

That was in 2.6.4 from Debian Jessie.

On 10/15/2014 06:09 PM, Nick Rogers wrote:
>
> On Wed, Oct 15, 2014 at 3:25 PM, Xan Charbonnet <[email protected]
> <mailto:[email protected]>> wrote:
>
>     If you're willing to hardcode and recompile, at least temporarily, then
>     just stick the line:
>
>     SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv3);
>
>     in Pound's config.c. I did it between these two lines and it worked:
>
>     SSL_CTX_set_options(pc->ctx, ssl_op_enable);
>     SSL_CTX_clear_options(pc->ctx, ssl_op_disable);
>
>
> Thanks. What version of pound are you using?
>
>
>     On 10/15/2014 05:11 PM, Nick Rogers wrote:
>     >
>     > On Wed, Oct 15, 2014 at 2:29 PM, Joe Gooch <[email protected]
>     <mailto:[email protected]>
>     > <mailto:[email protected] <mailto:[email protected]>>> wrote:
>     >
>     >     That would fall on OpenSSL to implement... Which they did... A patch
>     >     went out yesterday. It's doubtful many distros have it yet. Once
>     >     the library supports it we can.
>     >
>     >     I plan on whipping up a disablesslv3 option in the next couple
>     >     days... I can do something similar with fallback scsv at that time.
>     >
>     >
>     > I would definitely be interested in the disable SSLv3 option, as I am
>     > currently in the unfortunate position of needing to disable SSLv3 on my
>     > pound servers that are running openssl 0.9.8, and outright disabling
>     > SSLv3 ciphers effectively disables TLS 1.0. Updating pound is probably
>     > going to be more realistic than OpenSSL in the short term. Thanks.
>     >
>     >     Joe
>     >
>     >
>     >     On 10/15/14, 4:55 PM, Root Kev wrote:
>     >>     Hello,
>     >>
>     >>     Is there any known way to implement the "TLS_FALLBACK_SCSV
>     >>     <https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>"
>     >>     feature in pound?
>     >>
>     >>     Thanks,
>     >>
>     >>     Kevin
>     >
>
> --
> To unsubscribe send an email with subject unsubscribe to
> [email protected] <mailto:[email protected]>.
> Please contact [email protected] <mailto:[email protected]> for questions.
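An added example, not part of the thread and not code from Pound or OpenSSL: a C sketch of the two server-side decisions discussed above, spotting an SSLv3 ClientHello and applying the TLS_FALLBACK_SCSV rule. The function names and verdict codes are hypothetical, the ClientHello bytes are constructed, and the value 0x5600 is the one assigned in RFC 7507, the published form of the draft linked in the thread; in a real server the TLS library makes this decision during the handshake.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FALLBACK_SCSV 0x5600u /* signalling cipher suite value, RFC 7507 */
#define SSL3_WIRE_VERSION 0x0300u /* SSLv3 as sent in ClientHello.client_version */
enum { HELLO_MALFORMED = -1, HELLO_OK, HELLO_SSLV3, HELLO_BAD_FALLBACK };

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* b, n: ClientHello body (after the 4-byte handshake header).
 * server_max: highest protocol version the server supports, in wire form. */
int check_client_hello(const uint8_t *b, size_t n, unsigned server_max)
{
    if (n < 2 + 32 + 1) return HELLO_MALFORMED;
    unsigned client_version = rd16(b);
    size_t off = 2 + 32;                     /* skip version and random */
    size_t sid_len = b[off++];
    if (sid_len > 32 || n - off < sid_len + 2) return HELLO_MALFORMED;
    off += sid_len;
    size_t cs_len = rd16(b + off);
    off += 2;
    if (cs_len == 0 || cs_len % 2 || n - off < cs_len) return HELLO_MALFORMED;
    int fallback = 0;
    for (size_t i = 0; i < cs_len; i += 2)
        if (rd16(b + off + i) == TLS_FALLBACK_SCSV) fallback = 1;
    /* RFC 7507: a fallback retry below the server's best version is refused. */
    if (fallback && client_version < server_max) return HELLO_BAD_FALLBACK;
    return client_version == SSL3_WIRE_VERSION ? HELLO_SSLV3 : HELLO_OK;
}

/* Constructed ClientHello: zero random, empty session id, suite 0x002f
 * (TLS_RSA_WITH_AES_128_CBC_SHA) and optionally the SCSV. */
int demo_verdict(unsigned client_version, int with_scsv, unsigned server_max)
{
    uint8_t h[64] = {0};
    size_t n = 0;
    h[n++] = (uint8_t)(client_version >> 8); h[n++] = (uint8_t)client_version;
    n += 32 + 1;                             /* random and session id length stay 0 */
    h[n++] = 0; h[n++] = with_scsv ? 4 : 2;  /* cipher_suites length in bytes */
    h[n++] = 0x00; h[n++] = 0x2f;
    if (with_scsv) { h[n++] = 0x56; h[n++] = 0x00; }
    return check_client_hello(h, n, server_max);
}

int main(void)
{
    printf("SSLv3 hello: %d, SCSV retry below server max: %d\n",
           demo_verdict(0x0300, 0, 0x0303), demo_verdict(0x0301, 1, 0x0303));
    return 0;
}
```

A server that gets HELLO_BAD_FALLBACK answers with the inappropriate_fallback alert; HELLO_SSLV3 is the case the SSL_OP_NO_SSLv3 line in the thread turns into a refused handshake.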
