23 Feb
2015
23 Feb
'15
1:55 p.m.
Reviewed-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com> On 02/19/2015 05:41 PM, Tulio Magno Quites Machado Filho wrote:
This patch helps to protect Kimchi against CVE-2014-3566 by completely disabling SSLv3 on nginx. --- src/nginx.conf.in | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in index b5d207f..ed926a3 100644 --- a/src/nginx.conf.in +++ b/src/nginx.conf.in @@ -52,6 +52,7 @@ http {
ssl_certificate ${cert_pem}; ssl_certificate_key ${cert_key}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Frame-Options DENY;