diff options
Diffstat (limited to 'doc/security/crime_vulnerability.md')
-rw-r--r-- | doc/security/crime_vulnerability.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md index 8288f7f6a74..7956e692887 100644 --- a/doc/security/crime_vulnerability.md +++ b/doc/security/crime_vulnerability.md @@ -19,7 +19,7 @@ The TLS Protocol CRIME Vulnerability affects systems that use data compression over HTTPS. Your system might be vulnerable to the CRIME vulnerability if you use SSL Compression (for example, Gzip) or SPDY (which optionally uses compression). -GitLab supports both Gzip and [SPDY](http://nginx.org/en/docs/http/ngx_http_spdy_module.html) and mitigates the CRIME +GitLab supports both Gzip and [SPDY](https://nginx.org/en/docs/http/ngx_http_spdy_module.html) and mitigates the CRIME vulnerability by deactivating Gzip when HTTPS is enabled. The sources of the files are here: @@ -58,7 +58,7 @@ vulnerability. ## References -- NGINX ["Module `ngx_http_spdy_module`"](http://nginx.org/en/docs/http/ngx_http_spdy_module.html) +- NGINX ["Module `ngx_http_spdy_module`"](https://nginx.org/en/docs/http/ngx_http_spdy_module.html) - Tenable Network Security, Inc. ["Transport Layer Security (TLS) Protocol CRIME Vulnerability"](https://www.tenable.com/plugins/index.php?view=single&id=62565) - Wikipedia contributors, ["CRIME"](https://en.wikipedia.org/wiki/CRIME) Wikipedia, The Free Encyclopedia |