From 5fdb474f9523ee6728f447edc21e44ae8d9a0229 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Sat, 18 Oct 2014 13:53:55 +0200
Subject: [PATCH] added comment about POODLE vulnerability to https
 configuration

---
 scm-server/src/main/conf/server-config.xml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/scm-server/src/main/conf/server-config.xml b/scm-server/src/main/conf/server-config.xml
index f55553ab45..d3424affa3 100644
--- a/scm-server/src/main/conf/server-config.xml
+++ b/scm-server/src/main/conf/server-config.xml
@@ -142,9 +142,23 @@
      http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
   -->
   <!--
+  Besure SSLv3 protocol is excluded to avoid POODLE vulnerability.
+  See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
+  -->
+  <!--
   <Call name="addConnector">
     <Arg>
       <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
+        <Arg>
+          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
+            <Set name="excludeProtocols">
+              <Array type="java.lang.String">
+                <Item>SSLv2Hello</Item>
+                <Item>SSLv3</Item>
+              </Array>
+            </Set>
+          </New>
+        </Arg>
         <Set name="Port">8181</Set>
         <Set name="maxIdleTime">30000</Set>
         <Set name="requestHeaderSize">16384</Set>