Package: pound
Version: 2.6-4
Severity: important
Tags: security

Hello,

I can't see any way of disabling SSLv3 in Pound, which is now considered
insecure.

In addition, https://www.ssllabs.com/ssltest/ reports that "Secure
Client-Initiated Renegotiation" is supported, and flags this as a security
issue. This is despite the fact that the man page says the default for
SSLAllowClientRenegotiation is 0, which is disabled. I tried including
"SSLAllowClientRenegotiation 0" in my configuration, but it didn't help.

Thanks.
-- 
Brian May <br...@microcomaustralia.com.au>
