Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/security/crime_vulnerability.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/security/crime_vulnerability.md')
-rw-r--r--doc/security/crime_vulnerability.md4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md
index e5d8d858df2..39cd8f8e074 100644
--- a/doc/security/crime_vulnerability.md
+++ b/doc/security/crime_vulnerability.md
@@ -27,7 +27,7 @@ files are here:
- [Omnibus installation NGINX file](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb)
Although SPDY is enabled in Omnibus installations, CRIME relies on compression
-(the 'C') and the default compression level in NGINX's SPDY module is 0
+(the 'C') and the default compression level in the NGINX SPDY module is 0
(no compression).
## Nessus
@@ -50,7 +50,7 @@ The following configuration indicates that the remote service may be vulnerable
SPDY support earlier than version 4 is advertised.
```
-From the report above it is important to note that Nessus is only checking if
+The report above indicates that Nessus is only checking if
TLS advertises the SPDY protocol earlier than version 4. It does not perform an
attack nor does it check if compression is enabled. The Nessus scanner alone
cannot tell that SPDY compression is disabled and not subject to the CRIME
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 23:26:09 +0300