Ssl – How to force SSLv3 in pound HTTP Proxy

poundssl

we are handling SSL with a pound 2.3 HTTP(S) proxy. Is there any way to force a client's Browser to use SSLv3? I couldn't find anything in the pound documentation …

Thanks for your insight!

Cheers,

Andreas.

Best Answer

I hope you've found an answer by now. But this was approved by a quality third party ethical hacking firm, Qualys WAS and network scanner, and IBM's AppScanner:

Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:+EXP:!eNUL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5"

This removes the sslv2 but leaving sslv3 in place. It is however best practice to disable sslv3 where possible.

Best Answer

Related Solutions

Ssl – pound: multiple domains

Pound, HAproxy and HAproxy logging

Related Topic