I have tested:

    ListenHTTPS
        Address 192.168.0.10
        Port 443
        Cert "/etc/pound/ssl/cert.pem"
        AddHeader "X-Forwarded-Proto: https"
        HeadRemove "X-Forwarded-Proto"
        RewriteLocation 0
        Ciphers "HIGH:!SSLv3:!SSLv2:!aNULL:!ADH:!EXP:!eNULL:!MEDIUM:!LOW"
    End

and https://ssllabs.com/ssltest/ reports the webserver as secure from
POODLE exploit.

On 2014-10-16 06:43, Kaye Ng wrote:
Hi,
With the advent of the Poodle exploit, I'm just wondering: is there
any way in pound to disable support for SSL v3.0, but keep support for
TLS 1.0, 1.1 and 1.2?
In nginx I can do the following:

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

This has the effect of only supporting TLS v1.0+ and no SSL support.
Is there any equivalent for doing this in pound?
Cheers,
Kaye.
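
Added example, not part of either message and not Pound's own code: a Python probe that sends a bare ClientHello for one protocol version at a time and reports whether the listener answers with a ServerHello selecting it, which confirms that SSLv3 is refused while showing which of TLS 1.0 to 1.2 remain available. The cipher-suite list is an assumption; a refusal can also mean that none of the offered suites is enabled on the server.

```python
import os
import socket
import struct

# Wire versions for the protocols named in the thread.
VERSIONS = {"SSLv3": b"\x03\x00", "TLSv1.0": b"\x03\x01",
            "TLSv1.1": b"\x03\x02", "TLSv1.2": b"\x03\x03"}
# Widely deployed suites (assumption: the server enables at least one):
# RSA/ECDHE with AES-CBC-SHA, ECDHE-RSA with AES-GCM, RSA with 3DES.
SUITES = (0x002F, 0x0035, 0xC013, 0xC014, 0xC02F, 0xC030, 0x000A)

def client_hello(name):
    """Build a minimal ClientHello record offering exactly one protocol version."""
    ver = VERSIONS[name]
    suites = b"".join(struct.pack(">H", s) for s in SUITES)
    body = (ver + os.urandom(32) + b"\x00"      # version, random, empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                      # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + ver + struct.pack(">H", len(handshake)) + handshake

def accepted(reply, name):
    """True only if the reply is a ServerHello that selects the offered version."""
    if len(reply) < 11 or reply[0] != 0x16 or reply[5] != 0x02:
        return False          # alert record, short read or closed connection
    return reply[9:11] == VERSIONS[name]

def probe(host, port, name, timeout=5.0):
    """Send one ClientHello to host:port and classify the first reply bytes."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(name))
            while len(reply) < 11:
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        pass                  # reset or timeout counts as "not accepted"
    return accepted(reply, name)

if __name__ == "__main__":
    # Address and port are the ones in the listener configuration quoted above.
    for proto in VERSIONS:
        print(proto, "accepted" if probe("192.168.0.10", 443, proto) else "refused")
```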