Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does SSL config need to be improved? #209

Closed
gsabran opened this issue Aug 9, 2016 · 5 comments
Closed

Does SSL config need to be improved? #209

gsabran opened this issue Aug 9, 2016 · 5 comments

Comments

@gsabran
Copy link
Contributor

gsabran commented Aug 9, 2016

I don't much about the SSL settings, but looking at the forks I've seen that commit: ckiely91@f8afc13
Is there something to improve with the SSL setup security?

@gsabran gsabran changed the title Does SSL config needs to be improved? Does SSL config need to be improved? Aug 9, 2016
@MattiSG
Copy link

MattiSG commented Aug 23, 2016

Yes, see #1056 and #963 for example, and meteorhacks/mup-frontend-server#14 for the canonical reason. Currently, the default mupx deployment is vulnerable to CVE2016-2107.

@shadowcodex
Copy link
Collaborator

Is this still a vulnerability?

@shadowcodex
Copy link
Collaborator

@zodern have you looked into this already?

@zodern
Copy link
Owner

zodern commented Mar 7, 2017

It is. Switching to nginx-proxy will fix this.

@zodern
Copy link
Owner

zodern commented Aug 11, 2017

This is fixed when using the reverse proxy for ssl.

@zodern zodern closed this as completed Aug 11, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants