
alfresco CE 5.0.b - vti server jetty ( sharepoint) disable sslv3

Question asked by csyeow on Dec 16, 2014
Latest reply on Dec 17, 2014 by csyeow
hi ..

env:

os = centos 6.5
alfresco = 5.0.b
vti server (jetty ) sharepoint = running in https port 7070



Does anyone know how to disable SSLv3 (POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability) on the vti server (Jetty)? It is currently running on HTTPS.


The vulnerability scanner detects the findings below. Is there any solution to fix this? tq

1. POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability –> CVE: CVE-2014-3566
2. Missing Secure Attribute SSL Cookie Information Disclosure Vulnerability –> Workaround: Set the 'secure' attribute for any cookies that are sent over an SSL connection. How to set it?

3. Check for SSL Weak Ciphers –> How to change to strong SSL ciphers?
Weak ciphers offered by this service:
  SSL3_RSA_RC4_128_MD5
  SSL3_RSA_RC4_128_SHA
  SSL3_ECDHE_RSA_WITH_RC4_128_SHA
  TLS1_RSA_RC4_128_MD5
  TLS1_RSA_RC4_128_SHA
  TLS1_ECDHE_RSA_WITH_RC4_128_SHA

4. Missing httpOnly Cookie Attribute –> Solution: Set the 'httpOnly' attribute for any session cookies. How?

Hope someone is able to help.

tq ..
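
One way to verify scanner findings 2 and 4 once a fix is in place, as an added example that is not part of the original post: it parses HTTP response headers and reports every cookie that lacks the Secure or HttpOnly attribute. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# Function names and sample data are assumptions made for this illustration.

REQUIRED = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Return (cookie_name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value: %r" % header_value)
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; values (Path=/, Expires=...) are ignored.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_response_headers(raw_headers):
    """Map cookie name -> sorted list of required attributes it is missing."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or an unrelated header
        name, attrs = parse_set_cookie(value)
        missing = sorted(a for a in REQUIRED if a not in attrs)
        if missing:
            findings[name] = missing
    return findings


# Constructed sample responses (not captured from a real server).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 17 Dec 2014 08:00:00 GMT\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/\r\n"
    "Set-Cookie: pref=en; Path=/; Secure\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; Secure; HttpOnly\r\n"
    "set-cookie: pref=en; Path=/; secure; httponly\r\n"
)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_response_headers(sample))
```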
