Disable SSLv3 for scm-manager bundle


Michael Oliver

Oct 17, 2014, 1:46:52 PM
to scmma...@googlegroups.com
I spent a small chunk of time trying to figure out how to disable SSLv3 (due to POODLE) with the SCM-Manager bundle.

Here's what I did:
1. Edit /opt/scm-server/conf/server-config.xml

2. Go to the "SSL-Connector" and make the following edits.
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Arg>
          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
            <Set name="ExcludeProtocols">
              <Array type="java.lang.String">
                <Item>SSLv3</Item>
              </Array>
            </Set>
          </New>
        </Arg>
        <Set name="Port">....</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="requestHeaderSize">16384</Set>
        <Set name="keystore"><SystemProperty name="basedir" default="."..........................</Set>
        <Set name="password">........................</Set>
        <Set name="keyPassword">.................................</Set>
        <Set name="truststore"><SystemProperty name="basedir" default="." ...........................</Set>
        <Set name="trustPassword">...................................</Set>
      </New>
    </Arg>
  </Call>

3. The important section is:
        <Arg>
          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
            <Set name="ExcludeProtocols">
              <Array type="java.lang.String">
                <Item>SSLv3</Item>
              </Array>
            </Set>
          </New>
        </Arg>

The rest of the config (for me) could remain the same. Add anything else you need, as well.

Hope this saves someone a bit of time.
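
Added example, not part of the original posts and not SCM-Manager code: a small audit that parses a Jetty XML config and reports, for each SSL connector, whether its ExcludeProtocols list contains SSLv3 as in the post above. The sample config is constructed (made-up ports, keystore settings omitted), and the function name is hypothetical. It checks the file only, not what the running server actually negotiates.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the post's excerpt; ports are made-up values.
SAMPLE_CONFIG = """\
<Configure class="org.eclipse.jetty.server.Server">
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg>
        <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
          <Set name="ExcludeProtocols">
            <Array type="java.lang.String"><Item>SSLv3</Item></Array>
          </Set>
        </New>
      </Arg>
      <Set name="Port">8443</Set>
    </New>
  </Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="Port">9443</Set>
    </New>
  </Arg></Call>
</Configure>
"""


def audit_ssl_connectors(xml_text):
    """Return one dict per SSL connector: port, excluded protocols, verdict."""
    findings = []
    for node in ET.fromstring(xml_text).iter("New"):
        # Match connector classes such as SslSelectChannelConnector, but not
        # the nested SslContextFactory.
        simple_name = node.get("class", "").rsplit(".", 1)[-1]
        if not (simple_name.startswith("Ssl") and simple_name.endswith("Connector")):
            continue
        # Port is a direct child <Set>; ExcludeProtocols may sit in a nested factory.
        port = next((s.text for s in node.findall("Set")
                     if s.get("name", "").lower() == "port"), None)
        excluded = [item.text.strip()
                    for s in node.iter("Set")
                    if s.get("name", "").lower() == "excludeprotocols"
                    for item in s.iter("Item") if item.text]
        findings.append({"port": port, "excluded": excluded,
                         "sslv3_excluded": "SSLV3" in (p.upper() for p in excluded)})
    return findings


if __name__ == "__main__":
    for f in audit_ssl_connectors(SAMPLE_CONFIG):
        print(f["port"], "OK" if f["sslv3_excluded"] else "SSLv3 NOT excluded")
```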

Sebastian Sdorra

Oct 18, 2014, 8:25:19 AM
to scmma...@googlegroups.com
Thanks, I've updated the comments in the server-config.xml [1], the wiki page for the SSL configuration [2] and created a blog post [3].


Sebastian
