Hi,
We have a client who needed to be able to see requests' 'real ip' before SSL
termination on back end servers. So our solution was to terminate SSL on ZLB in
an HTTP(S) farm. This worked fine, but now SSL Analysis Tests grade the
SSL/Site as grade F due to a number of weaknesses:
- Supports SSLv3
- Supports TLSv1
- Does not support TLSv1.1/1.2
- Diffie-Hellman Parameter Weak - Only 1024 bits
No matter what we change our Cipher/Protocol string to in custom security in
the Farm, it does not change. It refuses to support TLS above 1.0, and this is
a major issue for the client.
I believe this is due to ZLB (v3.05) running OpenSSL v0.98.
Please can you advise on whether there is an accepted fix for this? I guess
update openssl, but that does seem risky on a packaged system such as ZLB.
Thanks.
Best Regards,
Dave Byrne
Head of Technical Projects
Office: 01622 524 200
The Maidstone Studios | Vinters Business Park | New Cut Road | Maidstone | Kent
| ME14 5NZ
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support