modify pound config to exclude SSLv3 but include our cipherstringb
[ach-master.git] / src / practical_settings / proxy_solutions.tex
index 4405aa1..38ee9c2 100644 (file)
@@ -148,7 +148,7 @@ ListenHTTPS
     AddHeader    "Front-End-Https: on"
     Cert         "/path/to/your/cert.pem"
     ## See 'man ciphers'.
-    Ciphers     "      TLSv1.2:!SSLv3:!SSLv2:AES256:!aNULL:!eNULL:!NULL"
+    Ciphers      "TLSv1.2:TLSv1.1!SSLv3:!SSLv2:@@@CIPHERSTRINGB@@@"
     Service
         BackEnd
             Address 10.20.0.10