Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

AEM: running with SSLv3 disabled to address POODLE or CVE-2014-3566 SSL exploit

miqk
Level 2
Level 2

Hi,

Does anyone know how to configure AEM, when listening on a HTTPS port, to NOT offer SSLv3 as one of the protocols?  I am referring to the CQ java application itself, not Apache/Dispatcher.

Reason being, there is a new security issue with client browsers using an SSLv3 https session, so I'd like to address the issue in CQ itself as well.

Thanks!

Michael C.

1 Reply
Sham_HC
Level 10
Level 10

Configure in felix console jetty service below properties.

org.apache.felix.http.cqse.disabled_cipher_suites
org.apache.felix.http.cqse.enabled_cipher_suites
org.apache.felix.https.cqse.protocols.included