[Kimchi-devel] [PATCH] Disable SSL on nginx
Rodrigo Trujillo
rodrigo.trujillo at linux.vnet.ibm.com
Mon Feb 23 12:55:03 UTC 2015
Reviewed-by: Rodrigo Trujillo <rodrigo.trujillo at linux.vnet.ibm.com>
On 02/19/2015 05:41 PM, Tulio Magno Quites Machado Filho wrote:
> This patch helps to protect Kimchi against CVE-2014-3566 by completely
> disabling SSLv3 on nginx.
> ---
> src/nginx.conf.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/src/nginx.conf.in b/src/nginx.conf.in
> index b5d207f..ed926a3 100644
> --- a/src/nginx.conf.in
> +++ b/src/nginx.conf.in
> @@ -52,6 +52,7 @@ http {
>
> ssl_certificate ${cert_pem};
> ssl_certificate_key ${cert_key};
> + ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>
> add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
> add_header X-Frame-Options DENY;
More information about the Kimchi-devel
mailing list