You unsubscribe from here: https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
Cordialement, Mathieu CHATEAU http://www.lotp.fr 2015-06-17 21:27 GMT+02:00 David Byrne <david.by...@vooservers.com>: > How do I unsubscribe from this list? > > > > Best Regards, > *Dave Byrne* > > *Head of Technical Projects VooServers Limited* > > > > *[image: 125px-landscape-transparent-bw]* > > > > This communication and any attachments contain information which is > confidential and may also be privileged. It is for the exclusive use of the > intended recipient(s). If you are not the intended recipient(s) please note > that any form of disclosure, distribution, copying or use of this > communication or the information in it or in any attachments is strictly > prohibited and may be unlawful. If you have received this communication in > error, please return it with the title 'received in error' to > david.by...@vooservers.com then delete the email and destroy any copies > of it. Email communications cannot be guaranteed to be secure or error > free, as information could be intercepted, corrupted, amended, lost, > destroyed, arrive late or incomplete, or contain viruses. We do not accept > liability for any such matters or their consequences. Anyone who > communicates with us by email is taken to accept the risks in doing so. > Opinions, conclusions and other information in this email and any > attachments which do not relate to the official business of the firm are > neither given nor endorsed by it. > > > > *From:* Gruber Alexander [mailto:alexander.gru...@az-druck.de] > *Sent:* 17 June 2015 20:26 > *To:* <zenloadbalancer-support@lists.sourceforge.net> > > *Subject:* Re: [Zenloadbalancer-support] ZEN poodle disable > > > > hm bad iOS Mail ... > > tomorrow i send a mail from the company with all the pictures > > > Am 17.06.2015 um 21:21 schrieb Gruber Alexander < > alexander.gru...@az-druck.de>: > > Hi, > > > > a quick howto for pund and openssl upgrade. > > > > First Upgrade to debian wheezy > > > http://sysadminosaurus.blogspot.de/2014/07/zen-load-balancer-303-perfomance-and.html > > > > > > > > *Install tools* > > apt-get install build-essential devscripts m4 quilt debhelper zlib1g-dev > bc gcc++ cmake > > > > *Hoard for Pound* > > apt-get install libpcrecpp0 libpcre3-dev libpcre3 libpcre++0 libpcre++-dev > libtcmalloc-minimal4 libgoogle-perftools4 libgoogle-perftools-dev > > > > mkdir hoard > cd hoard/ > > > > wget > https://github.com/emeryberger/Hoard/releases/download/3.10/Hoard-3.10-source.tar.gz > > > > gunzip Hoard-3.10-source.tar.gz > > tar -xf Hoard-3.10-source.tar > > cd Hoard/src > > > > make linux-gcc-x86 > > > > cp libhoard.so /usr/lib/. > > > > *load hoard lib* > > export LD_PRELOAD=/usr/lib/libhoard.so > > > > add the next line to /etc/profile > > export LD_PRELOAD=/usr/lib/libhoard.so > > > > ldd /bin/ls > > > > > > > > *upgrade SSL* > > > > cd ~ > > mkdir openssl > > cd openssl > > > > apt-get source openssl > > > > cd openssl-* > > > > quilt pop -a > > > > *disable unsecure chipers, SSLv2 and SSLv3 * > > vi debian/rules > > CONFARGS = -no-comp --prefix=/usr --openssldir=/usr/lib/ssl > --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib > enable-tlsext no-ssl2 no-ssl3 #Include no-ssl3 for even better security. > > > > quilt push -a > > > > dpkg-source --commit > > > > debuild -uc -us > > > > > > cd .. > > > > dpkg -i *ssl*.deb > > > > apt-mark hold libssl-dev libssl-doc libssl openssl libssl1.0.0 > libssl1.0.0-dbg > > > > reboot > > > > > > > > *Pound upgrade* > > mkdir pound > > cd pound > > > > wget https://fossies.org/linux/www/Pound-2.7.tgz > > > > tar -xf Pound-2.7.tgz > > > > cd Pound-2.7 > > > > ./configure > > > > make > > > > cp pound /usr/local/zenloadbalancer/app/pound/sbin/pound2.7 > cp poundctl /usr/local/zenloadbalancer/app/pound/sbin/poundctl2.7 > cp /usr/local/zenloadbalancer/app/pound/sbin/pound > /usr/local/zenloadbalancer/app/pound/sbin/pound2.5 > cp /usr/local/zenloadbalancer/app/pound/sbin/poundctl > /usr/local/zenloadbalancer/app/pound/sbin/poundctl2.5 > cp /usr/local/zenloadbalancer/app/pound/sbin/pound2.7 > /usr/local/zenloadbalancer/app/pound/sbin/pound > cp /usr/local/zenloadbalancer/app/pound/sbin/poundctl2.7 > /usr/local/zenloadbalancer/app/pound/sbin/poundctl > cd ~ > > > > > > > > > > > > > > > > Edit Farms > > > > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > > > > Intermediate Ciphers von > https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility > > > > > > > > edit Pound configuration > (/usr/local/zenloadbalancer/config/<FARM>_pound.cfg) > > add the folow lines: > > > > SSLHonorCipherOrder 1 > SSLAllowClientRenegotiation 0 > > > > > > > > > > > > Regards > > Alex > > > Am 17.06.2015 um 13:54 schrieb Mathieu Chateau <mathieu.chat...@lotp.fr>: > > Poodle is officially fixed only in enterprise edition > > > > But I am using community edition and could go around it. > > > > After changing cipher did you his the restart button that appeared? > > Cipher I sent you do not allow any SSLv3 while it's still technically > enabled > > > Cordialement, > Mathieu CHATEAU > http://www.lotp.fr > > > > 2015-06-17 13:43 GMT+02:00 Emrah DALGIÇ <emrah.dal...@hititcs.com>: > > I checked iso and it is 3.0 > > > > How could I check version via GUI or CLI? > > > > > > *From:* Mathieu Chateau [mailto:mathieu.chat...@lotp.fr] > *Sent:* Wednesday, June 17, 2015 2:29 PM > > > *To:* zenloadbalancer-support > *Subject:* Re: [Zenloadbalancer-support] ZEN poodle disable > > > > Do you have version 3.0.5 for Zen ? > > > Cordialement, > Mathieu CHATEAU > http://www.lotp.fr > > > > 2015-06-17 13:21 GMT+02:00 Emrah DALGIÇ <emrah.dal...@hititcs.com>: > > Hello, > > > > I am testing on same page and result is below: > > > > *This server is vulnerable to the POODLE attack. If possible, disable SSL > 3 to mitigate. Grade capped to C.* > > > > Regards. > > > > *From:* Mathieu Chateau [mailto:mathieu.chat...@lotp.fr] > *Sent:* Wednesday, June 17, 2015 2:13 PM > > > *To:* zenloadbalancer-support > *Subject:* Re: [Zenloadbalancer-support] ZEN poodle disable > > > > Hello, > > > > what is your zen version ? 3.0.5 ? > > Please test your ssl security from here (if exposed on internet): > > https://www.ssllabs.com/ssltest/index.html > > > > No way to get an "A" on Qualys, but my web site site is not poodle > friendly: > > *POODLE (SSLv3)* > > No, SSL 3 not supported (more info > <https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack> > ) > > *POODLE (TLS)* > > No (more info > <https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls> > ) > > > > > Cordialement, > Mathieu CHATEAU > http://www.lotp.fr > > > > 2015-06-17 12:49 GMT+02:00 Emrah DALGIÇ <emrah.dal...@hititcs.com>: > > Hello Mathieu, > > > > I used your cipher but result is still vulnerable for poodle. > > > > Best Regards. > > > > *From:* Mathieu Chateau [mailto:mathieu.chat...@lotp.fr] > *Sent:* Wednesday, June 17, 2015 12:13 PM > *To:* zenloadbalancer-support > *Subject:* Re: [Zenloadbalancer-support] ZEN poodle disable > > > > Hello, > > > > to disable ssl v3 and get the highest security, set this custom cipher > > ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM > > > > TLS v1.2 is not available as it's linked to openssl and we are stuck with > old one. > > > > > > > Cordialement, > Mathieu CHATEAU > http://www.lotp.fr > > > > 2015-06-17 10:43 GMT+02:00 Emrah DALGIÇ <emrah.dal...@hititcs.com>: > > Dear All, > > > > I want to disable SSLv3 and use TLSv1 and TLSv1.2. Could you please inform > me correct ciphers for https farm. > > > > Best Regards. > > *Emrah Dalgıç* > > > > Kisiye ozel bu mesaj ve icerigindeki bilgiler gizlidir. Hitit Bilgisayar > Hizmetleri bu mesajin icerigi ve ekleri ile ilgili olarak hukuksal hicbir > sorumluluk kabul etmez. Yetkili alicilardan biri degilseniz, bu mesajin > herhangi bir sekilde ifsa edilmesi, kullanilmasi, kopyalanmasi, yayilmasi > veya mesajda yeralan hususlarla ilgili olarak herhangi bir islem > yapilmasinin kesinlikle yasak oldugunu bildiririz. Boyle bir durumda lutfen > hemen mesajin gondericisini bilgilendiriniz ve mesaji sisteminizden > siliniz. Internet ortaminda gonderilen e-posta mesajlarindaki hata ve/veya > eksikliklerden veya viruslerden dolayi mesajin gondericisi herhangi bir > sorumluluk kabul etmemektedir. Tesekkur ederiz. The information contained > in this communication may contain confidential or legally privileged > information. Hitit Computer Services doesn't accept any legal > responsibility for the contents and attachments of this message. If you are > not the intended recipient you are hereby notified that any disclosure, > use, copying, distribution or taking any action in reliance on the contents > of this information is strictly prohibited. If you have received this > communication in error, please notify the sender immediately by responding > to this e-mail and then delete it from your system. The sender does not > accept any liability for any errors or omissions or any viruses in the > context of this message which arise as a result of internet transmission. > Thank you. > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > > > > Kisiye ozel bu mesaj ve icerigindeki bilgiler gizlidir. Hitit Bilgisayar > Hizmetleri bu mesajin icerigi ve ekleri ile ilgili olarak hukuksal hicbir > sorumluluk kabul etmez. Yetkili alicilardan biri degilseniz, bu mesajin > herhangi bir sekilde ifsa edilmesi, kullanilmasi, kopyalanmasi, yayilmasi > veya mesajda yeralan hususlarla ilgili olarak herhangi bir islem > yapilmasinin kesinlikle yasak oldugunu bildiririz. Boyle bir durumda lutfen > hemen mesajin gondericisini bilgilendiriniz ve mesaji sisteminizden > siliniz. Internet ortaminda gonderilen e-posta mesajlarindaki hata ve/veya > eksikliklerden veya viruslerden dolayi mesajin gondericisi herhangi bir > sorumluluk kabul etmemektedir. Tesekkur ederiz. The information contained > in this communication may contain confidential or legally privileged > information. Hitit Computer Services doesn't accept any legal > responsibility for the contents and attachments of this message. If you are > not the intended recipient you are hereby notified that any disclosure, > use, copying, distribution or taking any action in reliance on the contents > of this information is strictly prohibited. If you have received this > communication in error, please notify the sender immediately by responding > to this e-mail and then delete it from your system. The sender does not > accept any liability for any errors or omissions or any viruses in the > context of this message which arise as a result of internet transmission. > Thank you. > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > > > > Kisiye ozel bu mesaj ve icerigindeki bilgiler gizlidir. Hitit Bilgisayar > Hizmetleri bu mesajin icerigi ve ekleri ile ilgili olarak hukuksal hicbir > sorumluluk kabul etmez. Yetkili alicilardan biri degilseniz, bu mesajin > herhangi bir sekilde ifsa edilmesi, kullanilmasi, kopyalanmasi, yayilmasi > veya mesajda yeralan hususlarla ilgili olarak herhangi bir islem > yapilmasinin kesinlikle yasak oldugunu bildiririz. Boyle bir durumda lutfen > hemen mesajin gondericisini bilgilendiriniz ve mesaji sisteminizden > siliniz. Internet ortaminda gonderilen e-posta mesajlarindaki hata ve/veya > eksikliklerden veya viruslerden dolayi mesajin gondericisi herhangi bir > sorumluluk kabul etmemektedir. Tesekkur ederiz. The information contained > in this communication may contain confidential or legally privileged > information. Hitit Computer Services doesn't accept any legal > responsibility for the contents and attachments of this message. If you are > not the intended recipient you are hereby notified that any disclosure, > use, copying, distribution or taking any action in reliance on the contents > of this information is strictly prohibited. If you have received this > communication in error, please notify the sender immediately by responding > to this e-mail and then delete it from your system. The sender does not > accept any liability for any errors or omissions or any viruses in the > context of this message which arise as a result of internet transmission. > Thank you. > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > > > > Kisiye ozel bu mesaj ve icerigindeki bilgiler gizlidir. Hitit Bilgisayar > Hizmetleri bu mesajin icerigi ve ekleri ile ilgili olarak hukuksal hicbir > sorumluluk kabul etmez. Yetkili alicilardan biri degilseniz, bu mesajin > herhangi bir sekilde ifsa edilmesi, kullanilmasi, kopyalanmasi, yayilmasi > veya mesajda yeralan hususlarla ilgili olarak herhangi bir islem > yapilmasinin kesinlikle yasak oldugunu bildiririz. Boyle bir durumda lutfen > hemen mesajin gondericisini bilgilendiriniz ve mesaji sisteminizden > siliniz. Internet ortaminda gonderilen e-posta mesajlarindaki hata ve/veya > eksikliklerden veya viruslerden dolayi mesajin gondericisi herhangi bir > sorumluluk kabul etmemektedir. Tesekkur ederiz. The information contained > in this communication may contain confidential or legally privileged > information. Hitit Computer Services doesn't accept any legal > responsibility for the contents and attachments of this message. If you are > not the intended recipient you are hereby notified that any disclosure, > use, copying, distribution or taking any action in reliance on the contents > of this information is strictly prohibited. If you have received this > communication in error, please notify the sender immediately by responding > to this e-mail and then delete it from your system. The sender does not > accept any liability for any errors or omissions or any viruses in the > context of this message which arise as a result of internet transmission. > Thank you. > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Zenloadbalancer-support mailing list > Zenloadbalancer-support@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > >
------------------------------------------------------------------------------
_______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
