Update kong.yml to protect from POODLE ssl attack. #563

Merged (1 commit) on Sep 29, 2015

@rafael (Contributor) commented Sep 24, 2015

  • I was doing some SSL tests and noticed that the nginx default configuration in kong.yml doesn't protect from the POODLE attack. This change adds a config change that protects from this.

* Be explicit about the ssl protocols that are supported to protect from POODLE attack.
@thibaultcha (Member)

Thank you. While making this a default might enforce good practices, I would have expected users to set up their Kong as they set up their nginx. The nginx config is exposed to be deeply customizable.
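
A check in the spirit of this change, as an added example that is not code from this pull request or from Kong: it scans nginx configuration text (such as the nginx block exposed in kong.yml) for `ssl_protocols` and reports a TLS listener that leaves the protocols implicit, or a directive that enables SSLv3. The function name and the sample configs are constructed for illustration.

```python
import re

# SSLv3 is the protocol POODLE targets; SSLv2 is flagged as well.
WEAK = {"SSLv2", "SSLv3"}
# \b keeps this from matching proxy_ssl_protocols and similar directives.
DIRECTIVE = re.compile(r"\bssl_protocols\s+([^;]+);")
TLS_LISTENER = re.compile(r"\blisten\s+[^;]*\bssl\b")


def audit_ssl_protocols(nginx_conf):
    """Return a list of findings for nginx config text; empty means none."""
    # Naive comment stripping: assumes '#' never appears inside a quoted value.
    conf = re.sub(r"#[^\n]*", "", nginx_conf)
    findings = []
    matches = list(DIRECTIVE.finditer(conf))
    if not matches and TLS_LISTENER.search(conf):
        findings.append("TLS listener without explicit ssl_protocols: "
                        "enabled protocols depend on the nginx default")
    for m in matches:
        line = conf.count("\n", 0, m.start()) + 1
        weak = sorted(WEAK.intersection(m.group(1).split()))
        if weak:
            findings.append(f"line {line}: ssl_protocols enables {', '.join(weak)}")
    return findings


# Constructed sample configs (not taken from kong.yml).
SAMPLE_IMPLICIT = """
server {
    listen 8443 ssl;
    ssl_certificate     /path/to/cert.pem;  # placeholder path
    ssl_certificate_key /path/to/key.pem;   # placeholder path
}
"""
SAMPLE_WEAK = """
server {
    listen 8443 ssl;
    # ssl_protocols TLSv1.2;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
"""
SAMPLE_EXPLICIT = SAMPLE_WEAK.replace("SSLv3 ", "")

if __name__ == "__main__":
    for name in ("SAMPLE_IMPLICIT", "SAMPLE_WEAK", "SAMPLE_EXPLICIT"):
        print(name, audit_ssl_protocols(globals()[name]) or "ok")
```
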

thibaultcha added a commit that referenced this pull request Sep 29, 2015
Update kong.yml to protect from POODLE ssl attack.
@thibaultcha thibaultcha merged commit 632886f into Kong:master Sep 29, 2015
thibaultcha added a commit that referenced this pull request Sep 29, 2015
xvaara added a commit to xvaara/kong that referenced this pull request Oct 3, 2015
* Mashape/master: (23 commits)
  Update README.md
  Update README.md
  Closing Kong#562
  Adding wait time before ratelimiting tests
  Fixing test
  fix(jwt) handle `iss` not being found in jwt credentials
  Update README.md
  docs(update) remove redundancy
  docs(update) fix layout
  fix(test) fix config test after Kong#563
  Update README.md
  Adding missing statement for Kong#571
  perf(analytics) global optimizations
  fix(plugins) make default config for plugins an empty object
  Closes Kong#445
  dbocs(changelog) 0.5.0 changes
  Better content-type check in response-transformer plugin
  Closes Kong#535
  Fixes the root problem at Kong#565
  fix(key-auth) remove support for key in request body
  ...