Pound Mailing List Archive (Apsis), 2005-04: SSL V2 and SSL V3 on the same backend server?



SSL V2 and SSL V3 on the same backend server?
Urien Ronan <ronan.urien(at)wanadoo.fr>
2005-04-27 12:38:58 [ FULL ]
Hello,

Is it possible to enable SSLv2 on one URL and SSLv3 on another URL on 
the same backend server?

Something like this:

ListenHTTP   192.168.1.15,80
ListenHTTPS  192.168.1.15,443 /usr/local/pound/cert/01.pem
        UrlGroup    "/caatlantica/cgi/.*"          # no client certificate required
        BackEnd     192.168.1.10,80,1
        HTTPSHeaders 3 ""
        EndGroup
        UrlGroup    "/caatlantica/cgi_sslv3/.*"    # SSL V3, client certificate required
        BackEnd     192.168.1.10,80,1
        HTTPSHeaders 0 ""
        EndGroup

I know that "HTTPSHeaders" is a global directive, so I don't know how to 
do that.

pound 1.8.3 + openssl-0.9.7e + debian SARGE 2.6.8-2

thanks

Re: SSL V2 and SSL V3 on the same backend server?
Robert Segall <roseg(at)apsis.ch>
2005-04-27 12:54:47 [ FULL ]
On Wed, 27 Apr 2005 12:38:58 +0200 Urien Ronan
<ronan.urien(at)wanadoo.fr>
wrote:[...]

You can't do it like that, but you have a work-around: set HTTPSHeaders
to 1 (or 3). Basically it says to the client "show me a certificate if
you have one". Verify in the application whether the headers are present.[...]
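
What the "verify in the application" half of that work-around looks like on the backend, as an added example (not code from the Pound project or from either poster). With HTTPSHeaders 1 or 3, Pound requests a certificate from every HTTPS client without requiring one and forwards the certificate details to the backend as request headers; the backend then enforces "certificate required" only for the URLs that need it. Assumed here, because the thread does not state them: the header names X-SSL-Subject and X-SSL-Issuer as documented for Pound 1.x, a WSGI application as the backend on 192.168.1.10, the path prefix /caatlantica/cgi_sslv3/ as the protected one, and 192.168.1.15 (the Pound address from the posted config) as the only address whose X-SSL-* headers are trusted.

```python
"""Backend-side check for the HTTPSHeaders work-around described above.

Added example; not code from the Pound project or from the list posters.
With HTTPSHeaders set to 1 (or 3) Pound asks every HTTPS client for a
certificate without requiring one, and forwards certificate details to
the backend as request headers.  The backend enforces "certificate
required" only for the URLs that need it.

Assumptions made here (not confirmed by the thread):
- header names X-SSL-Subject and X-SSL-Issuer, as documented for Pound 1.x
- the backend is a WSGI application (192.168.1.10:80 in the post)
- /caatlantica/cgi_sslv3/... needs a certificate, /caatlantica/cgi/... does not
"""
import re
from wsgiref.simple_server import make_server

# Address Pound connects from (the Listen* address in the posted config).
# X-SSL-* headers are only believed when the TCP peer is the proxy itself;
# otherwise anyone who can reach the backend directly could forge them.
TRUSTED_PROXIES = {"192.168.1.15"}
CERT_REQUIRED = re.compile(r"^/caatlantica/cgi_sslv3/")
# WSGI exposes the request header X-SSL-Subject as HTTP_X_SSL_SUBJECT.
CERT_HEADERS = ("HTTP_X_SSL_SUBJECT", "HTTP_X_SSL_ISSUER")


def client_cert_status(environ):
    """Classify a request as 'ok', 'missing' or 'untrusted'.

    'untrusted': the request did not arrive from Pound, so any X-SSL-*
    headers on it may have been written by the client itself.
    'missing':   Pound forwarded the request but the client presented no
                 certificate (no subject/issuer headers, or empty ones).
    """
    if environ.get("REMOTE_ADDR") not in TRUSTED_PROXIES:
        return "untrusted"
    if not all(environ.get(h, "").strip() for h in CERT_HEADERS):
        return "missing"
    return "ok"


def authorize(environ):
    """Return (status line, body text) for the request described by environ."""
    path = environ.get("PATH_INFO", "/")
    if not CERT_REQUIRED.match(path):
        return "200 OK", "public CGI, no client certificate needed"
    status = client_cert_status(environ)
    if status == "untrusted":
        return "403 Forbidden", "requests must arrive through the proxy"
    if status == "missing":
        return "403 Forbidden", "a client certificate is required for this URL"
    return "200 OK", "authenticated as " + environ["HTTP_X_SSL_SUBJECT"]


def app(environ, start_response):
    """Minimal WSGI entry point around authorize()."""
    status, body = authorize(environ)
    payload = body.encode("utf-8")
    start_response(status, [("Content-Type", "text/plain; charset=utf-8"),
                            ("Content-Length", str(len(payload)))])
    return [payload]


if __name__ == "__main__":
    # Port 8080 on loopback for a local try-out; the post has the backend
    # on 192.168.1.10:80.  Firewall the backend so only Pound can reach it.
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Two checks worth doing before relying on this: confirm with your Pound version that an X-SSL-Subject header sent by the client itself does not pass through Pound to the backend (send one through the proxy and look at what arrives), and make sure the backend port is reachable only from the Pound host, since the TRUSTED_PROXIES test above depends on that. If either fails, the presence of the headers proves nothing and the work-around is not safe.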

Re: Re: SSL V2 and SSL V3 on the same backend server?
Urien Ronan <ronan.urien(at)wanadoo.fr>
2005-04-27 13:44:31 [ FULL ]
Thanks a lot for your quick response,

but in that case clients who simply connect on SSL v2 will get a popup 
inviting them to provide a client certificate, and we think that's not 
acceptable. Do you think there is another way? Otherwise, do you think it 
would be possible to do that by changing part of the source code?

thanks

Robert Segall a écrit :
[...][...][...]

Re: SSL V2 and SSL V3 on the same backend server?
Robert Segall <roseg(at)apsis.ch>
2005-04-27 14:09:05 [ FULL ]
On Wed, 27 Apr 2005 13:44:31 +0200 Urien Ronan
<ronan.urien(at)wanadoo.fr>
wrote:[...]

Not really. The definition applies to an HTTPS connection, and there can
be only one of those per port. In future versions it might be possible
to do separate connections (same as you can achieve now with
separate Pound instances - essentially you would have independent
servers) but the definition of HTTPS does not allow what you really
want.[...]
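
The "separate Pound instances" route from the reply above, written out as an added example (not configuration from the Pound project or from either poster). Each instance has its own config file and therefore its own global HTTPSHeaders value; the client-certificate URLs are served from a second port (8443 here; a second IP address on the same host works the same way). Assumptions: Pound 1.x directive syntax as in the posted config, HTTPSHeaders 2 meaning "client certificate required" (the thread only confirms 0, 1 and 3; check the man page of your version), and the file names and port number chosen here.

```conf
# /usr/local/pound/public.cfg
# Instance 1: the public site. Plain HTTP plus HTTPS, no certificate requested,
# so SSL v2 clients never see a certificate popup.
ListenHTTP   192.168.1.15,80
ListenHTTPS  192.168.1.15,443 /usr/local/pound/cert/01.pem
HTTPSHeaders 0 ""
        UrlGroup    "/caatlantica/cgi/.*"
        BackEnd     192.168.1.10,80,1
        EndGroup

# /usr/local/pound/clientcert.cfg
# Instance 2: separate listener, client certificate required for every request.
# Only the protected URL group is defined here, so /caatlantica/cgi/ is not
# reachable through this port.
ListenHTTPS  192.168.1.15,8443 /usr/local/pound/cert/01.pem
HTTPSHeaders 2 ""
        UrlGroup    "/caatlantica/cgi_sslv3/.*"
        BackEnd     192.168.1.10,80,1
        EndGroup
```

Start them as two processes with their own pid files, e.g. `pound -f /usr/local/pound/public.cfg -p /var/run/pound-public.pid` and `pound -f /usr/local/pound/clientcert.cfg -p /var/run/pound-clientcert.pid` (the -f and -p options as in the Pound 1.x man page; verify against your build). The backend still sees both groups on 192.168.1.10:80, so it cannot tell which instance a request came through from the port alone; the X-SSL-* headers that instance 2 adds are the signal, and the backend must only trust them when the request actually arrived from the Pound host.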
