Nick,

Can you just build with openssl 0.9.8zc:

OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

The advisory recommends using this version for 0.9.8 users (which is what we
are too).

http://www.openssl.org/news/secadv_20141015.txt

-- jake

From: Nick Rogers [mailto:[email protected]] 
Sent: Wednesday, October 15, 2014 4:09 PM
To: [email protected]
Subject: Re: [Pound Mailing List] Poodle Exploit

On Wed, Oct 15, 2014 at 3:25 PM, Xan Charbonnet <[email protected]> wrote:

If you're willing to hardcode and recompile, at least temporarily, then
just stick the line:

SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv3);

in Pound's config.c.  I did it between these two lines and it worked:

SSL_CTX_set_options(pc->ctx, ssl_op_enable);
SSL_CTX_clear_options(pc->ctx, ssl_op_disable);

Thanks. What version of pound are you using?

On 10/15/2014 05:11 PM, Nick Rogers wrote:
>
>
> On Wed, Oct 15, 2014 at 2:29 PM, Joe Gooch <[email protected]> wrote:
>
>     That would fall on OpenSSL to implement... Which they did... A patch
>     went out yesterday.  It's doubtful many distros have it yet.  Once
>     the library supports it we can.
>
>     I plan on whipping up a disablesslv3 option in the next couple
>     days... I can do something similar with fallback scsv at that time.
>
>
> I would definitely be interested in the disable SSLv3 option, as I am
> currently in the unfortunate position of needing to disable SSLv3 on my
> pound servers that are running openssl 0.9.8, and outright disabling
> SSLv3 ciphers effectively disables TLS 1.0. Updating pound is probably
> going to be more realistic than OpenSSL in the short term. Thanks.
>
>
>
>
>     Joe
>
>
>     On 10/15/14, 4:55 PM, Root Kev wrote:
>>     Hello,
>>
>>     Is there any known way to implement the "TLS_FALLBACK_SCSV
>>     <https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00>"
>>     feature in pound?
>>
>>     Thanks,
>>
>>     Kevin
>
>

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
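
An added illustration, not code from Pound or from anyone in this thread, of the distinction the messages above turn on: refusing the SSLv3 protocol through the option mask (the SSL_OP_NO_SSLv3 flag in Xan's line, exposed by Python's ssl module as OP_NO_SSLv3) versus removing the cipher suites that OpenSSL tags SSLv3. It assumes a current Python linked against OpenSSL 1.1.1 or later; the helper names and the starting context are constructed for the example.

```python
import ssl
import warnings

NO_SSLV3 = int(ssl.OP_NO_SSLv3)  # same bit as OpenSSL's SSL_OP_NO_SSLv3

def new_server_ctx():
    """Context with all suites enabled and the NO_SSLv3 bit cleared.

    Constructed starting state: current Python sets the bit by default, so it
    is cleared here to stand in for a context that has not been patched yet.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL")
    ctx.options = int(ctx.options) & ~NO_SSLV3
    return ctx

def suites_by_tag(ctx):
    """Count enabled cipher suites per protocol tag OpenSSL reports."""
    counts = {}
    for suite in ctx.get_ciphers():
        counts[suite["protocol"]] = counts.get(suite["protocol"], 0) + 1
    return counts

def sslv3_refused(ctx):
    """True when the context's option mask carries the NO_SSLv3 bit."""
    return bool(int(ctx.options) & NO_SSLV3)

def disable_sslv3_protocol(ctx):
    """Protocol-level change: set the option bit, leave the suites alone."""
    with warnings.catch_warnings():
        # Newer Python versions flag the OP_NO_* constants as deprecated.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options = int(ctx.options) | NO_SSLV3
    return ctx

def disable_sslv3_ciphers(ctx):
    """Cipher-level change: drop SSLv3-tagged suites, option mask untouched."""
    ctx.set_ciphers("ALL:!SSLv3")
    return ctx

if __name__ == "__main__":
    a = new_server_ctx()
    print("start   ", sslv3_refused(a), suites_by_tag(a))
    disable_sslv3_protocol(a)
    print("protocol", sslv3_refused(a), suites_by_tag(a))
    b = disable_sslv3_ciphers(new_server_ctx())
    print("ciphers ", sslv3_refused(b), suites_by_tag(b))
```

The protocol-level change leaves the suite counts exactly as they were, while the cipher-level change removes every SSLv3-tagged suite and still does not set the flag that refuses the protocol.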

 
