
19 Feb
2015
19 Feb
'15
8:41 p.m.
This patch helps to protect Kimchi against CVE-2014-3566 by completely disabling SSLv3 on nginx. --- src/nginx.conf.in | 1 + 1 file changed, 1 insertion(+) diff --git a/src/nginx.conf.in b/src/nginx.conf.in index b5d207f..ed926a3 100644 --- a/src/nginx.conf.in +++ b/src/nginx.conf.in @@ -52,6 +52,7 @@ http { ssl_certificate ${cert_pem}; ssl_certificate_key ${cert_key}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Frame-Options DENY; -- 2.1.0