pound is a tiny reverse proxy, load balancer and SSL offloader. It is not a caching proxy like Varnish, but its simplicity and small footprint make it a good choice for putting an HTTPS front-end in front of a moderate-traffic platform.
Create a PEM file
pound uses the PEM format. A single PEM file can hold everything it needs: the private key, the server certificate, the intermediate certificate(s) and, optionally, the root certificate (clients must already trust the root, so including it only adds bytes to every handshake).
To combine your separate key and certificate files into one PEM file usable by Pound (the private key first, then the server certificate, then the chain):
# cat server.key > cert.pem
# cat your.domain.tld.crt >> cert.pem
# cat intermediate.crt >> cert.pem
Keep the certificates in that order: OpenSSL takes the first CERTIFICATE block in the file as the server certificate and the following ones as the chain, so a bundle that starts with the intermediate will be served wrongly. The file now contains the private key, so make it readable by root only (chmod 600 cert.pem) and point the Cert directive of your ListenHTTPS block at it.
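The same assembly as a small shell script, added here as an editor's example (not code from the original page or from the Pound project). It refuses inputs that do not look like a key or a certificate, creates the bundle with mode 0600 from the start, and offers a key-to-certificate match check using the openssl CLI. All file names are placeholders, and the demo function builds its bundle from constructed placeholder PEM blocks rather than real key material.

```shell
#!/bin/sh
# Editor's example, not from the original page or the Pound project: build the
# single PEM file Pound's Cert directive expects and sanity-check it.

# count_pem_blocks FILE LABEL: print how many "-----BEGIN LABEL-----" lines FILE has
count_pem_blocks() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c "^-----BEGIN $2-----" "$1" || true
}

# pem_has_key FILE: succeed if FILE holds a PEM private key (PKCS#1, SEC1 or PKCS#8 form)
pem_has_key() {
    [ -r "$1" ] && grep -Eq '^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$1"
}

# make_pound_pem KEY CERT CHAIN OUT
# Writes KEY, then CERT, then CHAIN (intermediates, optionally the root) to OUT.
# Order matters: OpenSSL treats the first CERTIFICATE block as the server
# certificate and the rest as the chain.  Writes nothing if the inputs look wrong.
make_pound_pem() {
    key=$1 cert=$2 chain=$3 out=$4
    pem_has_key "$key" || { echo "$key: no private key found" >&2; return 1; }
    [ "$(count_pem_blocks "$cert" CERTIFICATE)" -eq 1 ] ||
        { echo "$cert: expected exactly one certificate" >&2; return 1; }
    [ "$(count_pem_blocks "$chain" CERTIFICATE)" -ge 1 ] ||
        { echo "$chain: no certificates found" >&2; return 1; }
    # the bundle carries the private key: create it 0600 rather than fix it up later
    ( umask 077 && cat "$key" "$cert" "$chain" > "$out" ) && chmod 600 "$out"
}

# check_pound_pem FILE: structural check on a finished bundle (one key, a
# server certificate plus at least one chain certificate, private mode)
check_pound_pem() {
    [ "$(grep -Ec '^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$1")" -eq 1 ] || return 1
    [ "$(count_pem_blocks "$1" CERTIFICATE)" -ge 2 ] || return 1
    [ "$(ls -l "$1" | cut -c1-10)" = '-rw-------' ] || return 1
}

# pound_pem_key_matches FILE: confirm the key belongs to the first certificate
# (the one Pound serves) by comparing the public keys.  Needs the openssl CLI
# and real key material, so the placeholder demo below does not call it.
pound_pem_key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$1" -pubout)" ]
}

# demo_bundle DIR: write constructed placeholder blocks (NOT real keys or
# certificates) laid out like server.key, your.domain.tld.crt and
# intermediate.crt from the text, bundle them, and print the bundle path
demo_bundle() {
    d=$1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'MIIEvQIBADANBgkq-placeholder' \
        '-----END PRIVATE KEY-----' > "$d/server.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIDxTCCAq2gAwIBAgI-leaf-placeholder' \
        '-----END CERTIFICATE-----' > "$d/your.domain.tld.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIEkjCCA3qgAwIBAgI-intermediate-placeholder' \
        '-----END CERTIFICATE-----' '-----BEGIN CERTIFICATE-----' \
        'MIIDdzCCAl-gAwIBAgI-root-placeholder' '-----END CERTIFICATE-----' > "$d/intermediate.crt"
    make_pound_pem "$d/server.key" "$d/your.domain.tld.crt" "$d/intermediate.crt" "$d/cert.pem" \
        && echo "$d/cert.pem"
}
```

On a real bundle, run `pound_pem_key_matches cert.pem` after `check_pound_pem cert.pem`: a bundle whose first certificate is the intermediate, or whose key was copied from another host, fails that comparison even though it is structurally fine.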
Disable SSLv3
To improve security, disable the SSLv3 protocol, which is broken by the POODLE attack (CVE-2014-3566). You need at least the patched version 2.6 to do that: the directive was added to Pound after POODLE, and later releases replaced it with a more general Disable directive (Disable SSLv3), so check man pound for your build. Add the DisableSSLv3 directive inside your ListenHTTPS block.
Improve cipher selection
To improve security you can also disable old or weak ciphers. Redefine the cipher list, again inside the ListenHTTPS block (Pound hands the string to OpenSSL's cipher-list parser unchanged), like this:
Ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:-RC4:EECDH+aRSA+RC4:EECDH+RC4:EDH+aRSA+RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:RC4+SHA"
Note that this list, which follows the Mozilla recommendations of its time, deliberately re-adds RC4 near the end (the -RC4 followed by the +RC4 entries and the final RC4+SHA) as a fallback for old clients. RC4 is now considered broken and is prohibited for TLS by RFC 7465; unless you really must serve such clients, remove those entries and add !RC4 instead (a ! exclusion cannot be undone later in the list, a - one can). Check the result with openssl ciphers -v followed by your list, which prints exactly what OpenSSL will offer, and if your build supports SSLHonorCipherOrder 1, set it so that the server's preference order, not the client's, decides the cipher.
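A complete ListenHTTPS block carrying both hardening directives, together with a small lint for an existing pound.cfg, added here as an editor's example (not code from the original page or the Pound project). The cipher list is the page's list with the RC4 fallback entries removed and !RC4 appended; addresses, ports and paths are placeholders, and AddHeader is assumed to be available in your Pound build.

```shell
#!/bin/sh
# Editor's example, not from the original page or the Pound project: emit a
# hardened ListenHTTPS block and lint a pound.cfg for the two directives.

# The page's cipher list minus its RC4 fallbacks, with RC4 excluded for good.
HARDENED_CIPHERS='EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4'

# pound_https_listener ADDR PORT PEM BACKEND_ADDR BACKEND_PORT: print the config text
pound_https_listener() {
    cat <<EOF
ListenHTTPS
    Address $1
    Port    $2
    # the bundle from "Create a PEM file": private key, server cert, chain
    Cert    "$3"
    # SSLv3 is broken (POODLE); needs a Pound build that knows this directive
    DisableSSLv3
    Ciphers "$HARDENED_CIPHERS"
    # let the back-end know the client really used HTTPS (placeholder header name)
    AddHeader "X-Forwarded-Proto: https"
    Service
        BackEnd
            Address $4
            Port    $5
        End
    End
End
EOF
}

# check_pound_tls CFG: succeed only if CFG disables SSLv3 and its cipher list
# cannot negotiate RC4.  A static lint: a "!RC4" element wins outright, any
# other mention of RC4 means a positive RC4 entry is (or may be) in effect.
check_pound_tls() {
    cfg=$1 rc=0
    grep -q '^[[:space:]]*DisableSSLv3' "$cfg" ||
        { echo "$cfg: SSLv3 still enabled" >&2; rc=1; }
    ciphers=$(sed -n 's/^[[:space:]]*Ciphers[[:space:]]*"\(.*\)".*/\1/p' "$cfg")
    if [ -z "$ciphers" ]; then
        echo "$cfg: no Ciphers directive, OpenSSL's default list applies" >&2; rc=1
    else
        case ":$ciphers:" in
            *:!RC4:*) ;;
            *RC4*) echo "$cfg: cipher list can still negotiate RC4" >&2; rc=1 ;;
        esac
    fi
    return $rc
}
```

Run `pound_https_listener 0.0.0.0 443 /etc/pound/cert.pem 127.0.0.1 8080 > /etc/pound/pound.cfg`, then `check_pound_tls /etc/pound/pound.cfg`. The lint only reads the text of the list; the authoritative check is `openssl ciphers -v "$HARDENED_CIPHERS" | grep RC4`, which should print nothing.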
Further Reading and sources