Self-Solve Knowledge Search

Minimize Maximize
AGM SSL configuration best practice
Title :
AGM SSL configuration best practice
Document ID :
Product - Version:
agile manager 2.0 2.1 2.20 2.30 2.40 ;
OS :
Updated :
Thu Jan 21 16:19:26 GMT 2016
Summary :
This is a best practice article about how to configure AGM SSL

This article provides a best practice for configuring the AGM SSL properly. Proper SSL configuration disables weak protocol(SSLv3) and enables only strong ciphers and thus mitigates your AGM instance against:

1. Poodle SSL vulnerability.
2. Bar Mitzvah vulnerability.
3. LogJam vulnerability.


To configure the SSL settings correctly,  please add the highlighted parts to the definition of the Jetty SSL connector:

<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
     <Set name="ExcludeProtocols">
         <Array type="java.lang.String">            

  <Call name="addConnector">
      <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
        <Arg><Ref id="sslContextFactory" /></Arg>
        <Set name="IncludeCipherSuites">
          <Array type="java.lang.String">