1:41 p.m.
This patch helps to protect Kimchi against CVE-2014-3566 by completely
disabling SSLv3 on nginx.
---
src/nginx.conf.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
index b5d207f..ed926a3 100644
--- a/src/nginx.conf.in
+++ b/src/nginx.conf.in
@@ -52,6 +52,7 @@ http {
ssl_certificate ${cert_pem};
ssl_certificate_key ${cert_key};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;
includeSubdomains;";
add_header X-Frame-Options DENY;
--
2.1.0
6:55 a.m.
Reviewed-by: Rodrigo Trujillo <rodrigo.trujillo(a)linux.vnet.ibm.com>
On 02/19/2015 05:41 PM, Tulio Magno Quites Machado Filho wrote:
This patch helps to protect Kimchi against CVE-2014-3566 by
completely
disabling SSLv3 on nginx.
---
src/nginx.conf.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
index b5d207f..ed926a3 100644
--- a/src/nginx.conf.in
+++ b/src/nginx.conf.in
@@ -52,6 +52,7 @@ http {
ssl_certificate ${cert_pem};
ssl_certificate_key ${cert_key};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;
includeSubdomains;";
add_header X-Frame-Options DENY;
3588
days inactive
3593
days old
2 comments
3 participants
participants (3)
-
Aline Manera -
Rodrigo Trujillo -
Tulio Magno Quites Machado Filho