From 957951586742971f6caf102e300a91bdfe87f06d Mon Sep 17 00:00:00 2001
From: Rafael Chacon <rafaelchacon@gmail.com>
Date: Wed, 23 Sep 2015 22:34:46 -0700
Subject: [PATCH] Update kong.yml

* Be explicit about the ssl protocols that are supported to protect from POODLE attack.
---
 kong.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kong.yml b/kong.yml
index 4b9cbb1ad468..b627009aacb7 100644
--- a/kong.yml
+++ b/kong.yml
@@ -144,6 +144,7 @@ nginx: |
 
       ssl_certificate {{ssl_cert}};
       ssl_certificate_key {{ssl_key}};
+      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;# omit SSLv3 because of POODLE (CVE-2014-3566)
 
       location / {
         default_type 'text/plain';