[Kimchi-devel] [PATCH] Disable SSL on nginx

19 Feb 2015

This patch helps to protect Kimchi against CVE-2014-3566 by completely
disabling SSLv3 on nginx.
---
 src/nginx.conf.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/nginx.conf.in b/src/nginx.conf.in
index b5d207f..ed926a3 100644
--- a/src/nginx.conf.in
+++ b/src/nginx.conf.in
@@ -52,6 +52,7 @@ http {
 
         ssl_certificate ${cert_pem};
         ssl_certificate_key ${cert_key};
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
         add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
         add_header X-Frame-Options DENY;
-- 
2.1.0

    

[Kimchi-devel] [PATCH] Disable SSL on nginx

Tulio Magno Quites Machado Filho