SCM-Manager and the POODLE vulnerability
Posted on 2014-10-18 by Sebastian Sdorra
If you are using scm-server with a configured https connector, please be sure that you exclude the SSLv3 protocol to avoid the POODLE vulnerability.
Add the following xml elements to your https connector in your server-config.xml:
<Arg>
<New class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="excludeProtocols">
<Array type="java.lang.String">
<Item>SSLv2Hello</Item>
<Item>SSLv3</Item>
</Array>
</Set>
</New>
</Arg>
The complete connector section should now be…
Posted in scm-manager, security