single listener per-directory Cipher specification with pound?
PGNet Dev <pgnet.dev+pound(at)gmail.com>
2009-09-23 01:11:49
hi,

for a given HTTPS listener in pound, iiuc, i can define a single
Cipher string that'll be used for all dirs under the listener's
DOCROOT.

how can i define different ciphers for use in different dirs? e.g.,
the goal is the equivalent of,

	...
	ListenHTTPS
		Address xx.xx.xx.xx
		Port    443
		Cert    "/home/sec/ssl.crt/combined.pem"
		Service
			URL ".*/sec/.*"
			Ciphers "AES256-SHA"
			BackEnd
				Address 127.0.0.1
				Port    8080
			End
		End
		Service
			URL ".*"
			Ciphers "SSLv2:-LOW:-EXPORT:RC4+RSA"
			BackEnd
				Address 127.0.0.1
				Port    8080
			End
		End
	End
	...

unfortunately, the above fails with

	line 39: unknown directive "   Ciphers "AES256-SHA"" - aborted

per-directory cipher config is certainly doable via mod_ssl in apache.
it's not clear to me if, by moving SSL negotiation "up front" to
pound, i've lost that capability, or simply have it config'd wrong.

any hints or suggestions as to how to achieve this?

thanks!