Just to inform you, the pound version in zen 3.10.1 is the stable version
defined by debian jessie.
Regards
Sent from mobile
El 8 jul. 2016 11:54 a. m., "Jurgen Schepers" <jurgen.schep...@chapoo.com>
escribió:
> I just tried this on a freshly installed 3.10.1 and with the cipher list
> you mention I get B in SSLlabs and no support for ATS.
>
> The highest I can get is A-, also without ATS support, using this simple
> cipher list:
>
> DEFAULT:!EDH:!RC4
>
> As I understand it the Pound server is too old to support all the ciphers
> of type EC. So it won't be possible to get ATS working with Zen 3.10.1.
>
> Jurgen.
>
> On 30/06/2016 8:35, Emilio Campos wrote:
>
> Dear Scott could you let us know the Zen version are you working with?
> 3.10.1 recommended, 3.7 or preview version is not supported.
>
> Community Edition is totally integrated with the Debian distro , so you
> could update openssl with the tools for updating packages:
>
> apt-get update
> apt-get install openssl
>
> On the other hand what kind of issue do you detect? Ciphers in Zen is
> based in Openssl so any cipher list has to work in the LB side, but others
> vendor as Apple can support a different Cipher list, do you know the
> supported list? maybe some ciphers are not supported by Apple but Zen
> support them.
>
> BTW, you can use DEFAULT cipher list for, this is a reserved list of
> ciphers in openssl.
>
> Also this cipher list is supported in 3.10.1 and gives A+ in SSLlabs.
>
>
> kEECDH+ECDSA+AES128:kEECDH+ECDSA+AES256:kEECDH+AES128:kEECDH+AES256:kEDH+AES128:kEDH+AES256:DES-CBC3-SHA:+SHA:!aNULL:!eNULL:!LOW:!kECDH:!DSS:!MD5:!EXP:!PSK:!SRP:!CAMELLIA:!SEED
>
> Scott If you are talking about offering another alternative to the
> customer remember Zen offers an Enterprise Line solution.
>
> Regards!
>
>
> 2016-06-30 7:11 GMT+02:00 Scott Berry <sc...@boompayments.com>:
>
>> Hi All,
>>
>> I recall testing this project a LONG time ago when it was in alpha/beta.
>> It has come a long way and I now have a case to use Zen but am running in
>> to an issue. No matter what I have tried we are having an issue with iOS9
>> and the new ATS requirement. In essence I can not find a set of ciphers (or
>> any setting) that will allow iOS 9 to connect through Zen when I am
>> offloading SSL. The certs meet all the requirements, they worked for this
>> purpose on AWS ELB and directly on nginx so we know they are good. I have
>> tried at least a dozen cipher combinations. No matter what when I test with
>> the SSL labs test it always fails. I only saw a brief discussion about weak
>> ciphers related to Zen on this list or somewhere. It had some mentions
>> about changes to openssl through SSH but not enough information to go on.
>>
>> Current cipher
>> list: ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>
>> I also tested this set, which is what cloud flare recommended and gives
>> us an A- using Zen on SSLLabs testing:
>> EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
>>
>> Either way I am looking to see if there is some info or solution out
>> there for this. I’d rather keep Zen and even push the client towards a paid
>> option if it works out. Otherwise I guess I have to go back to HAProxy
>> which I’d rather not.
>>
>> Thanks!
>> *- - - - -*
>> *Scott Berry*
>> Lead Developer | Boom! Payments
>> m: 1.661.478.7144
>>
>>
>> ------------------------------------------------------------------------------
>> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
>> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
>> present their vision of the future. This family event has something for
>> everyone, including kids. Get more information and register today.
>> http://sdm.link/attshape
>> _______________________________________________
>> Zenloadbalancer-support mailing list
>> Zenloadbalancer-support@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>>
>>
>
>
> --
> Load balancer distribution - Open Source Project
> http://www.zenloadbalancer.com
> Distribution list (subscribe):
> zenloadbalancer-support@lists.sourceforge.net
>
>
> ------------------------------------------------------------------------------
> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register
> today.http://sdm.link/attshape
>
>
>
> _______________________________________________
> Zenloadbalancer-support mailing
> listZenloadbalancer-support@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
> --
> [image: Chapoo]
>
> JURGEN SCHEPERS
> Product Manager
>
> Chapoo NV • Bellevue 5/202, 9050 Gent, Belgium • +32 9 244 01 20 •
> www.chapoo.com
>
>
> ------------------------------------------------------------------------------
> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
> _______________________________________________
> Zenloadbalancer-support mailing list
> Zenloadbalancer-support@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
