It is our stable branch, after all. Though I will say Pound betas have always been very stable compared to other projects I've seen. :)
Joe > -----Original Message----- > From: jacob anderson [mailto:[email protected]] > Sent: Monday, April 29, 2013 11:58 AM > To: [email protected] > Subject: RE: [Pound Mailing List] PCI-DSS Compliance with Pound > > Wow, thanks Joe! Keeping 2.6 alive for us xenophobic IT administrators > is very helpful. :) > > -- Jake > > > > -----Original Message----- > > From: Joe Gooch [mailto:[email protected]] > > Sent: Monday, April 29, 2013 7:40 AM > > To: '[email protected]' > > Cc: 'Lubomir Rintel' > > Subject: RE: [Pound Mailing List] PCI-DSS Compliance with Pound > > > > My suggestion to anyone who needs PCI-DSS compliance is to run my > branch here: > > https://github.com/goochjj/pound/tree/stage_for_upstream/v2.7b > > > > Zip here: > > https://github.com/goochjj/pound/archive/stage_for_upstream/v2.7b.zip > > > > This is based on 2.7b, and includes a bunch of patches that I usually > > include in pound, to do things like SNI, CertDir includes, > IncludeDir, PCRE redirects, etc. > > > > > > If you don't feel comfortable running a 2.7 branch, or don't want to > > include those patches, I've rolled a new branch: > > https://github.com/goochjj/pound/tree/pcidss/v2.6 > > Zip here: https://github.com/goochjj/pound/archive/pcidss/v2.6.zip > > > > Which includes only the XSRF, SSLv2, SSL compression and cipher > > enhancements against a 2.6 baseline. > > > > > > Joe > > > > > -----Original Message----- > > > From: Andreas Hilboll [mailto:[email protected]] > > > Sent: Monday, April 29, 2013 4:34 AM > > > To: [email protected] > > > Cc: Lubomir Rintel > > > Subject: Re: [Pound Mailing List] PCI-DSS Compliance with Pound > > > > > > Hi Lubomir, > > > > > > thanks! > > > > > > > For 2011-3389, I need to disable ciphers deemed unsecure. The > > > solution > > > > for Apache would be this: > > > > > > > > SSLHonorCipherOrder On > > > > SSLCipherSuite RC4-SHA:HIGH:!ADH > > > > > > > > > > > > Pound 2.7a contains a fix, at GoodData we use the following > > > configuration: > > > > > > > > Ciphers > "!EXPORT:!SSLv2:!MD5:!aNULL:!NULL:!LOW:RC4:RSA:ALL" > > > > SSLHonorCipherOrder 1 > > > > > > > > > > So this won't work on 2.6? Is there a patch available for 2.6? I'm > > > not too keen on using a version which is labeled "experimental". > > > > > > > > > > For 2012-4929, I need to turn off SSL Compression. > > > > > > > > > > > > This is what we use to address the issue (not sure what's needed > > > > in order to get that patch merged): > > > > > > > > http://www.apsis.ch/pound/pound_list/archive/2013/2013- > > > 02/136076601000 > > > > 0#1360766010000 > > > > > > From the message I can't tell whether the patch is for 2.6 or 2.7. > > > Can you enlighten me? I'd really like to stick to 2.6. > > > > > > > You need to rebuild your package. > > > > > > No problem, as I'm already doing that (I need a larger MAXBUF > > > setting than used in the Debian packageS). > > > > > > Thanks again, > > > Andreas. > > > > > > > > > -- > > > To unsubscribe send an email with subject unsubscribe to > > > [email protected]. > > > Please contact [email protected] for questions. > > > > -- > > To unsubscribe send an email with subject unsubscribe to > [email protected]. > > Please contact [email protected] for questions. > > > > -- > To unsubscribe send an email with subject unsubscribe to > [email protected]. > Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
