Dave,
Did anyone ever answer this question ?
Jim
James M Doherty
*President*
REVIVE CONSULTING LLC
EMAIL: j...@jdoherty.net
PHONE: 512-650-2997
FAX: 512-717-7526
*Author*: *Bought With A Price
<http://bookstore.westbowpress.com/Products/SKU-000731960/Bought-with-a-Price.aspx>
*
*"Things My Dad Taught Me"*
*Patents Held (40):*
http://patent.ipexl.com/inventor/James_M_Doherty_1.html
On Thu, Oct 20, 2016 at 11:41 AM, David Byrne <david.by...@vooservers.com>
wrote:
> Hi,
>
> We have a client who needed to be able see requests ‘real ip’ before SSL
> termination on back end servers. So our solution was to terminate SSL on
> ZLB in an HTTP(S) farm. This worked fine, but now SSL Analysis Tests grade
> the SSL/Site as grade F due to a number of weaknesses:
>
> -Supports SSLv3
>
> -Supports TLSv1
>
> -Does not support TLSv1.1/1.2
> -Diffie-Hellman Parameter Weak – Only 1024bits
>
>
>
> No matter what we change our Cipher/Protocol string to in custom security
> in the Farm, it does not change. It refuses to support TLS above 1.0, and
> this is a major issue for the client.
>
>
>
> I believe this is due to ZLB (v3.05) running OpenSSL v0.98.
>
>
>
> Please can you advise on whether there is an accepted fix for this? I
> guess update openssl, but that does seem risky on a packaged system such as
> ZLB. Thanks.
>
> Best Regards,
> *Dave *
> *Byrne *Head of Technical Projects
>
> Office: 01622 524 200
> The Maidstone Studios | Vinters Business Park | New Cut Road | Maidstone |
> Kent | ME14 5NZ
> <https://www.vooservers.com/> <http://www.vooservers.com/>
>
> <https://www.facebook.com/VooServers>
> <https://www.facebook.com/VooServers>
>
> <https://twitter.com/VooServers> <https://twitter.com/vooservers>
> <https://twitter.com/VooServers>
>
> <https://uk.linkedin.com/pub/dave-byrne/79/2aa/983>
> <https://www.linkedin.com/company/vooservers>
>
> ------------------------------
> This communication and any attachments contain information which is
> confidential and may also be privileged. It is for the exclusive use of the
> intended recipient(s). If you are not the intended recipient(s) please note
> that any form of disclosure, distribution, copying or use of this
> communication or the information in it or in any attachments is strictly
> prohibited and may be unlawful. If you have received this communication in
> error, please return it with the title 'received in error' to
> david.by...@vooservers.com then delete the email and destroy any copies
> of it. Email communications cannot be guaranteed to be secure or error
> free, as information could be intercepted, corrupted, amended, lost,
> destroyed, arrive late or incomplete, or contain viruses. We do not accept
> liability for any such matters or their consequences. Anyone who
> communicates with us by email is taken to accept the risks in doing so.
> Opinions, conclusions and other information in this email and any
> attachments which do not relate to VooServers are neither given nor
> endorsed by it.
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Zenloadbalancer-support mailing list
> Zenloadbalancer-support@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
