Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

AEM: running with SSLv3 disabled to address POODLE or CVE-2014-3566 SSL exploit

Avatar

Level 2

Hi,

Does anyone know how to configure AEM, when listening on a HTTPS port, to NOT offer SSLv3 as one of the protocols?  I am referring to the CQ java application itself, not Apache/Dispatcher.

Reason being, there is a new security issue with client browsers using an SSLv3 https session, so I'd like to address the issue in CQ itself as well.

Thanks!

Michael C.

1 Reply

Avatar

Level 10

Configure in felix console jetty service below properties.

org.apache.felix.http.cqse.disabled_cipher_suites
org.apache.felix.http.cqse.enabled_cipher_suites
org.apache.felix.https.cqse.protocols.included