On Thu, Oct 16, 2014 at 07:31:30PM +, Antoni Villalonga wrote:
> I've been checking this issue and now I've a patch for it (attached).
> Add «Protocols "TLSv1"» after Ciphers line in pound.cfg to dissable
> SSLv2&SSLv3.
> It is an approach of SSLProtocols in Apache mod_ssl. Needs more work.
I
Hi,
I've been checking this issue and now I've a patch for it (attached).
Add «Protocols "TLSv1"» after Ciphers line in pound.cfg to dissable
SSLv2&SSLv3.
It is an approach of SSLProtocols in Apache mod_ssl. Needs more work.
Hope it helps!
PS: I'll try to rewrite the patch in order to be more 'c
Package: pound
Version: 2.6-4
Severity: important
Tags: security
Hello,
I can't see anyway of disabling SSLv3 in Pound, which is now considered
insecure.
In additional, https://www.ssllabs.com/ssltest/ reports that "Secure
Client-Initiated Renegotiation" is supported, and flags this as a securit
3 matches
Mail list logo
