This patch helps to protect Kimchi against CVE-2014-3566 by completely
disabling SSLv3 on nginx.
---
src/nginx.conf.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
index b5d207f..ed926a3 100644
--- a/src/nginx.conf.in
+++ b/src/nginx.conf.in
@@ -52,6 +52,7 @@ http {
ssl_certificate ${cert_pem};
ssl_certificate_key ${cert_key};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;
includeSubdomains;";
add_header X-Frame-Options DENY;
--
2.1.0