modify pound config to exclude SSLv3 but include our cipherstringb
authorAaron Zauner <azet@azet.org>
Tue, 17 Dec 2013 12:49:16 +0000 (13:49 +0100)
committerAaron Zauner <azet@azet.org>
Tue, 17 Dec 2013 12:49:16 +0000 (13:49 +0100)
src/practical_settings/proxy_solutions.tex

index 4405aa1..38ee9c2 100644 (file)
@@ -148,7 +148,7 @@ ListenHTTPS
     AddHeader    "Front-End-Https: on"
     Cert         "/path/to/your/cert.pem"
     ## See 'man ciphers'.
-    Ciphers     "      TLSv1.2:!SSLv3:!SSLv2:AES256:!aNULL:!eNULL:!NULL"
+    Ciphers      "TLSv1.2:TLSv1.1!SSLv3:!SSLv2:@@@CIPHERSTRINGB@@@"
     Service
         BackEnd
             Address 10.20.0.10