Support ssl_honor_cipher_order #18

merged 1 commit into from Nov 4, 2012


None yet

2 participants


The SSL attack known as BEAST ( can be countered with recent IO::Socket::SSL releases. Documentation about it is in the IO::Socket::SSL manpage.

The missing piece for Perlbal is the passthrough mechanism for ssl_honor_cipher_order which I added in my fork. Tested with the help of


Wouldn't it be better to turn it on by default?


Since the maintainer of IO::Socket::SSL chose to not make it the default I wanted to follow his reasoning. He has this separate option, Openssl has this separate option, apache has it too, so it might cause more confusion when Perlbal tries to be different.

In Steffen comments on this question. Search for 'Therefore I don't like the workaround included by default.'

@abh abh merged commit f31eff1 into perlbal:master Nov 4, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment