"Disable SSLv3" This HTTPS listener config directive makes this work... /Thomaw
Sent from my Samsung Galaxy smartphone.<div> </div><div> </div><!-- originalMessage --><div>-------- Original message --------</div><div>From: Pound <[email protected]> </div><div>Date: 3/3/2016 13:25 (GMT-03:00) </div><div>To: [email protected] </div><div>Subject: [Pound Mailing List] Adding specific cipher suites </div><div> </div>> > Hello folks! > > We have configured the following: > Ciphers > "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS:!EDH-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:!SSLv3" > > Now we'd need to add the following cipher suites > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > and therefore added the following to the "Ciphers" parameter: > ECDHE-ECDSA-AES256-GCM-SHA384 > ECDHE-ECDSA-AES256-SHA384 > according to https://www.openssl.org/docs/manmaster/apps/ciphers.html > > Questions: > -Why doesn't this list any additional ciphers? > nmap --script ssl-enum-ciphers -p 443 $pound_host > -Is there a way to provide TLSv1.0 and 1.1 with having SSLv3 disabled? > > Pound Version : 2.7 > OpenSSL Version: 1.0.2f 28 Jan 2016 > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. >
