Patching pound for PCI compliance (protect against POODLE)?
I currently use pound from the trusty package archives to terminate SSSL (used with a varnish reverse proxy) but it appears to be vulnerable to the Poodle attack. Disabling sslv3 is the recommendation, but that cannot be done with the current version without also disabling lots of ciphers that are used by TLS.
Some discussion of this is here:
http://
In that thread, there is a link to a repository that has a commonly used (it seems) patch:
https:/
I'd rather not compile my own version. Is it possible to get this patch included in the pound package in the archives, or does anyone know of someone who maintains an ubuntu package that includes the patch (before I go and roll my own)?
Thanks,
Cliff
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu pound Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Clifford Meece for more information if necessary.