It works for the ssltest, but the applications don't work anymore. IE works, Firefox says overlap error, etc....
Von: Stefan Eriksson <[email protected]> An: [email protected] Datum: 16.10.2014 11:57 Betreff: Re: [Pound Mailing List] Disable ssl v3 I have tested: ListenHTTPS Address 192.168.0.10 Port 443 Cert "/etc/pound/ssl/cert.pem" AddHeader "X-Forwarded-Proto: https" HeadRemove "X-Forwarded-Proto" RewriteLocation 0 Ciphers "HIGH:!SSLv3:!SSLv2:!aNULL:!ADH:!EXP:!eNULL:!MEDIUM:!LOW" and https://ssllabs.com/ssltest/ reports the webserver as secure from POODLE exploit. Den 2014-10-16 06:43, Kaye Ng skrev: > Hi, > > With the advent of the Poodle exploit, I'm just wondering is there > anyway in pound to disable support for ssl v3.0, but keep support for > tls 1.0, 1.1 and 1.2 > > In nginX I can do the following: > > |ssl_protocols TLSv1 TLSv1.1 TLSv1.2;| > > > This has the effect of only supporting TLS v1.0+ and no ssl support. > Is there any equivalent for doing this pound? > > Cheers, > Kaye. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions. ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ This message contains information that may be privileged or confidential and is the property of the NUM Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
smime.p7s
Description: S/MIME Cryptographic Signature
