2

we are handling SSL with a pound 2.3 HTTP(S) proxy. Is there any way to force a client's Browser to use SSLv3? I couldn't find anything in the pound documentation ...

Thanks for your insight!

Cheers,

Andreas.

andreas-h
  • 1,054
  • 1
  • 16
  • 27

1 Answers1

3

I hope you've found an answer by now. But this was approved by a quality third party ethical hacking firm, Qualys WAS and network scanner, and IBM's AppScanner:

Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:+EXP:!eNUL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5"

This removes the sslv2 but leaving sslv3 in place. It is however best practice to disable sslv3 where possible.

Drifter104
  • 3,693
  • 2
  • 22
  • 39
Leo
  • 1,008
  • 1
  • 8
  • 13