summaryrefslogtreecommitdiff
path: root/doc/security/crime_vulnerability.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/security/crime_vulnerability.md')
-rw-r--r--doc/security/crime_vulnerability.md4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md
index 9a43f5dfca8..a8dee8f589a 100644
--- a/doc/security/crime_vulnerability.md
+++ b/doc/security/crime_vulnerability.md
@@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
type: reference
---
-# How we manage the TLS protocol CRIME vulnerability
+# How we manage the TLS protocol CRIME vulnerability **(FREE SELF)**
[CRIME](https://en.wikipedia.org/w/index.php?title=CRIME&oldid=692423806) is a security exploit against
secret web cookies over connections using the HTTPS and SPDY protocols that also
@@ -23,7 +23,7 @@ GitLab supports both Gzip and [SPDY](http://nginx.org/en/docs/http/ngx_http_spdy
vulnerability by deactivating Gzip when HTTPS is enabled. The sources of the
files are here:
-- [Source installation NGINX file](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/support/nginx/gitlab-ssl)
+- [Source installation NGINX file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/support/nginx/gitlab-ssl)
- [Omnibus installation NGINX file](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb)
Although SPDY is enabled in Omnibus installations, CRIME relies on compression
View Lorry Controller Status