Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Francoise Dehinbo
Hi Scott, I hope you can help me again. Since upgrading to pound 2.6 as discussed previously, we are having trouble re-directing a user from https to http. But if I downgrade pound back to 2.5 and refresh it works fine. I am not at all familiar with how pound works. Do you have any recommendat

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Scott McKeown
Hi Francoise, I'm going to take a guess here but your pound.cfg should look something like this for a basic redirection from HTTP to HTTPS (well this works well for me but I'm sure others may know of another/better way to do this) User "nobody" Group "nobody" LogLevel 1 LogFacilityl

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Francoise Dehinbo
Hi Scott, We use Perl 5.10, Catalyst and Plack/PSGI for the back end servers. Pound is used for https and Perlbal for http front ends. So Pound config is something like: User "nobody" Group "nobody" LogLevel 1 ListenHTTPS Address xxx.xxx.xxx.xxx Port 443 Cert "/etc/po

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Scott McKeown
Hi Francoise, OK think I've got it now. Try something like this: User "nobody" Group "nobody" LogLevel 1 ListenHTTPS Address xxx.xxx.xxx.xxx Port 443 Cert "/etc/pound/dev.pem" Ciphers "ALL:!aNULL:!ADH:!eNULL:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:!EXP:!eNUL:!EXP-DE

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Francoise Dehinbo
But port 80 is already in use by perlbal for HTTP so pound won't start up! From: Scott McKeown <sc...@loadbalancer.org> Reply-To: "pound@apsis.ch" <pound@apsis.ch> Date: Thursday, 20 September 2012 12:30 To: "pound@apsis.ch" mailto:poun

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Francoise Dehinbo
Just for testing, I stopped perlbal, added the ListenHTTP suggestion to pound, so now pound runs on ports 443 and 80. The problem is worse. I cannot go from http to https or from https to http. So it's definitely something with pound! Previously I reinstalled pound with just plain 2.6 withou

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Scott McKeown
So your Pound Setup and the Web Site are running on the same server, sorry I have mine set up in a Proxy mode which is a slightly different setup. I don't know perlbal but at a guess you should be able to change the port that it's listening on in its config file to something like 8080 and then with t

[Pound Mailing List] pound doesn't detach from tty when piping to rotatelogs

2012-09-20 Thread Trent Nelson
Howdy, If I set LogFacility to - and invoke pound as follows: /usr/local/sbin/pound 2>&1 | /usr/local/sbin/rotatelogs ... it doesn't detach from the tty and daemonize. (It detaches fine without the rotatelogs pipe.) Bug? I'm on FreeBSD 9.1. Pound 2.6 from port

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Francoise Dehinbo
I tried your suggestion below so pound runs on 443 and 80. All http goes from pound to the new perlbal port 8080. And all https goes through pound as usual. I still have the same problem. Cannot redirect from http to https and vice versa (now that pound is running both ports). From: Scott M

[Pound Mailing List] Service redirection based on request method?

2012-09-20 Thread Trent Nelson
Playing around with pound, I found myself wanting to configure Service instances based on the type of HTTP request method. I tried the following, which didn't work (I didn't really expect it to work, but it gives you an idea of what I'm trying to do): ListenHTTPS

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Scott McKeown
Hi Francoise, Can you show me your current pound.cfg file please (replace anything with X's) ~Scott On 20 September 2012 15:49, Francoise Dehinbo < francoise.dehi...@foxtons.co.uk> wrote: > I tried your suggestion below so pound runs on 443 and 80. All http goes > from pound to the new perlbal

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Francoise Dehinbo
It is pretty much what I emailed earlier. /etc/pound/dev.pem is a self-signed certificate for testing. This is how I created the certificate: openssl req -new -newkey rsa:2048 -nodes -keyout dev.key -out dev.csr openssl x509 -req -days 3650 -in dev.csr -signkey dev.key -out dev.crt cat dev.key

Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Andreas Hilboll
Is it possible that your Perl application tries to enforce HTTPS? If so, HTTPS would go from user to Pound, HTTP from Pound to Perl, and Perl would then redirect to HTTPS, ending in an infinite loop. Cheers, A. > It is pretty much what I emailed earlier. /etc/pound/dev.pem is a > self-sign certi

RE: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate

2012-09-20 Thread Joe Gooch
Do not include the csr in the pem for pound. Key, then crt. I'll admit, I've only partly been paying attention.. But from what I've been reading I'm having a hard time figuring out what you're trying to accomplish. Are you trying to use Pound for SSL termination, and as such you just want it to