

5.3 HTTPS backends

Backends can use HTTPS as well. To inform pound that communication with the backend goes over an encrypted channel, use the HTTPS keyword. The typical usage is:

Backend
    Address 192.0.2.1
    Port 443
    HTTPS
End

Notice that, unlike other statements, HTTPS is used without arguments.

Additional directives are available for fine-tuning the connection. If used, they must appear after the HTTPS directive.

The Cert directive specifies the client certificate to use when connecting. Use it if the backend requires client authentication.

The Disable and Ciphers directives are similar to those described when discussing ListenHTTPS: the former disables the given TLS protocol and all protocols prior to it, and the latter configures the list of OpenSSL ciphers which the client wishes to use. The actual cipher to use will be selected from this list during negotiation with the backend.

The example below illustrates the use of these directives:

Backend
    Address 192.0.2.1
    Port 443
    HTTPS
    Disable TLSv1_1
    Cert "/etc/pound/crt/b1.pem"
    Ciphers "HIGH:!RSA"
End
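
The ordering rule above (Cert, Disable and Ciphers must follow HTTPS inside a Backend section) can be checked before deploying a configuration. The Python script below is an added example, not part of pound or its manual; lint_backends and the sample configuration are constructed for illustration. It assumes that '#' starts a comment, that keywords are matched case-insensitively, and that Backend sections contain no nested sections.

```python
# Directives the manual says must come after HTTPS inside a Backend section.
TLS_TUNING = {"cert", "disable", "ciphers"}

def lint_backends(text):
    """Return (line_number, message) findings for TLS directives in Backend sections."""
    findings, early = [], []  # early: tuning directives seen before any HTTPS
    in_backend = https_seen = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: '#' starts a comment and never occurs inside a quoted value.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        word = line.split(None, 1)[0]
        key = word.lower()  # assumption: keywords are matched case-insensitively
        if not in_backend:
            if key == "backend":
                in_backend, https_seen, early = True, False, []
        elif key == "https":
            https_seen = True
        elif key in TLS_TUNING and not https_seen:
            early.append((lineno, word))
        elif key == "end":  # assumption: Backend sections hold no nested sections
            why = "appears before HTTPS" if https_seen else "used in a backend without HTTPS"
            findings += [(n, f"{w} {why}") for n, w in early]
            in_backend = False
    return findings

# Constructed sample configuration, trimmed to the lines the check reads.
SAMPLE = """\
Backend
    Address 192.0.2.1
    HTTPS
    Disable TLSv1_1
    Ciphers "HIGH:!RSA"
End
Backend
    Address 192.0.2.2
    Ciphers "HIGH:!RSA"   # precedes HTTPS
    HTTPS
End
Backend
    Address 192.0.2.3
    Cert "/etc/pound/crt/b1.pem"
End
"""

if __name__ == "__main__":
    for n, msg in lint_backends(SAMPLE):
        print(f"line {n}: {msg}")
```

Directives with the same names inside ListenHTTPS sections are ignored, because only lines between Backend and its End are examined.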