[PATCH] Disable SSL on nginx
This patch helps to protect Kimchi against CVE-2014-3566 by completely disabling SSLv3 on nginx. --- src/nginx.conf.in | 1 + 1 file changed, 1 insertion(+) diff --git a/src/nginx.conf.in b/src/nginx.conf.in index b5d207f..ed926a3 100644 --- a/src/nginx.conf.in +++ b/src/nginx.conf.in @@ -52,6 +52,7 @@ http { ssl_certificate ${cert_pem}; ssl_certificate_key ${cert_key}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Frame-Options DENY; -- 2.1.0
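Review bot: The added "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;" line in the http block has no comment saying that SSLv3 is left out on purpose for CVE-2014-3566, so a later edit to this allow-list could reintroduce it unnoticed. Consider a one-line comment above the directive that names the CVE. The subject also reads "Disable SSL" while the message and the change disable only SSLv3; "Disable SSLv3 on nginx" would match what the hunk does.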
Reviewed-by: Rodrigo Trujillo <rodrigo.trujillo@linux.vnet.ibm.com>

On 02/19/2015 05:41 PM, Tulio Magno Quites Machado Filho wrote:
This patch helps to protect Kimchi against CVE-2014-3566 by completely disabling SSLv3 on nginx. --- src/nginx.conf.in | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in index b5d207f..ed926a3 100644 --- a/src/nginx.conf.in +++ b/src/nginx.conf.in @@ -52,6 +52,7 @@ http {
ssl_certificate ${cert_pem}; ssl_certificate_key ${cert_key}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Frame-Options DENY;
participants (3)
- Aline Manera
- Rodrigo Trujillo
- Tulio Magno Quites Machado Filho