Both pcidss/v2.6 and stage_for_upstream/v2.7c have been updated with
patches that implement config options for
(if I was going to do one, I might as well do them all)
In addition there's a backend config option
Each option is only available to you if your OpenSSL library supports it.
My research on TLS_FALLBACK_SCSV is that the client has to set this in
their Hello header. The server just processes that as part of the
handshake. That's why there's only an option for HTTPS backends to use
it - the case when pound is the client. HTTPS Listeners should
implicitly use this option if it's baked into your openssl library.
Stage for upstream branch:
Zip here: https://github.com/goochjj/pound/archive/pcidss/v2.6.zip
Please test and let me know if you have any issues.