We are handling SSL with a pound 2.3 HTTP(S) proxy. Is there any way to force a client's browser to use SSLv3? I couldn't find anything in the pound documentation ...
Thanks for your insight!
Cheers,
Andreas.
I hope you've found an answer by now. But this was approved by a quality third party ethical hacking firm, Qualys WAS and network scanner, and IBM's AppScanner:
Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:+EXP:!eNULL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5"
This removes SSLv2 but leaves SSLv3 in place. It is, however, best practice to disable SSLv3 where possible.
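
An added example, not part of the original posts: a small Python linter for an OpenSSL-style cipher string like the Ciphers line above, reporting entries that enable or merely reorder weak suites, repeated entries, and protocol keywords that only filter suites. The sample string is a constructed, shortened variant of that line, and the WEAK keyword set is this example's own assumption about what to flag.

```python
import re
from collections import Counter

# Keywords this example chooses to flag (an assumption, not an official list).
WEAK = {"RC4", "MD5", "LOW", "MEDIUM", "EXP", "EXPORT", "EXPORT40",
        "EXPORT56", "NULL", "eNULL", "aNULL", "ADH"}
# Protocol keywords select cipher suites only; per the OpenSSL ciphers
# documentation they do not change the negotiated SSL/TLS version.
PROTOCOL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.2"}

# Constructed sample: a shortened variant of the Ciphers line in the answer.
SAMPLE = ("ALL:!ADH:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:+EXP:!eNULL:"
          "!EXP-RC4-MD5:!EXP-RC4-MD5")

def parse(cipher_string):
    """Return (operator, keywords) rules; operator is '', '!', '-' or '+'."""
    rules = []
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if token:
            op = token[0] if token[0] in "!-+" else ""
            # Inside a token, '+' means logical AND (RC4+RSA).
            rules.append((op, tuple(token[len(op):].split("+"))))
    return rules

def lint(cipher_string):
    """Return (finding, token) pairs in order of first appearance."""
    findings = []
    for (op, parts), count in Counter(parse(cipher_string)).items():
        token = op + "+".join(parts)
        weak = any(p in WEAK or p.startswith("EXP-") for p in parts)
        if count > 1:
            findings.append(("duplicate", token))
        if weak and op == "":
            findings.append(("weak-enabled", token))         # adds suites
        elif weak and op == "+":
            findings.append(("weak-reordered-only", token))  # moved last, kept
        if any(p in PROTOCOL for p in parts):
            findings.append(("filters-suites-only", token))
    return findings

if __name__ == "__main__":
    for finding, token in lint(SAMPLE):
        print(f"{finding:20} {token}")
```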