AGM SSL configuration best practice

  • KM02061609
  • 18-Jan-2016
  • 21-Jan-2016


This is a best-practice article about how to configure AGM SSL.


This article provides a best practice for configuring AGM SSL properly. A proper SSL configuration disables the weak protocol (SSLv3) and enables only strong ciphers, and thus protects your AGM instance against:

1. POODLE SSL vulnerability.
2. Bar Mitzvah vulnerability.
3. Logjam vulnerability.


To configure the SSL settings correctly, please add the highlighted parts to the definition of the Jetty SSL connector:

<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
     <!-- Disable the weak SSLv3 protocol -->
     <Set name="ExcludeProtocols">
         <Array type="java.lang.String"><Item>SSLv3</Item></Array>
     </Set>
  </New>

  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
        <Arg><Ref id="sslContextFactory" /></Arg>
        <Set name="IncludeCipherSuites">
          <Array type="java.lang.String">
            <!-- one <Item> per strong cipher suite to allow -->
          </Array>
        </Set>
      </New>
    </Arg>
  </Call>
</Configure>