diff options
Diffstat (limited to 'doc/security')
-rw-r--r-- | doc/security/crime_vulnerability.md | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md index 94ba5d1375d..d61a205d954 100644 --- a/doc/security/crime_vulnerability.md +++ b/doc/security/crime_vulnerability.md @@ -17,8 +17,8 @@ GitLab supports both gzip and [SPDY][ngx-spdy] and mitigates the CRIME vulnerability by deactivating gzip when HTTPS is enabled. You can see the sources of the files in question: -* [Source installation NGINX file][source-nginx] -* [Omnibus installation NGINX file][omnibus-nginx] +- [Source installation NGINX file][source-nginx] +- [Omnibus installation NGINX file][omnibus-nginx] Although SPDY is enabled in Omnibus installations, CRIME relies on compression (the 'C') and the default compression level in NGINX's SPDY module is 0 @@ -52,9 +52,9 @@ vulnerability. ### References -* Nginx ["Module ngx_http_spdy_module"][ngx-spdy] -* Tenable Network Security, Inc. ["Transport Layer Security (TLS) Protocol CRIME Vulnerability"][nessus] -* Wikipedia contributors, ["CRIME"][wiki-crime] Wikipedia, The Free Encyclopedia +- Nginx ["Module ngx_http_spdy_module"][ngx-spdy] +- Tenable Network Security, Inc. ["Transport Layer Security (TLS) Protocol CRIME Vulnerability"][nessus] +- Wikipedia contributors, ["CRIME"][wiki-crime] Wikipedia, The Free Encyclopedia [source-nginx]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl [omnibus-nginx]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb |