MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » April 2014

Re: Encryption methods on the i



fixed

Thank you,

I received yesterday a warning from VeriSign, along with a tool to check. The i passed the test.
___________________________________________________________________________________________________
Brian May wrote:

I have verified with a friend in IBM. The HTTP server on IBM I does not use OpenSSL. SSL for their webserver is IBM's own implementation so this vulnerability does not apply to it.
The OpenSSL version in PASE which can be used for other things is version 0.9.8 which also does not have the bug. So no matter what, you are not at risk for this issue.

Brian May
IBM i Modernization Specialist
Profound Logic Software
http://www.profoundlogic.com
937-439-7925 Phone
877-224-7768 Toll Free



Modernization Made Easy!
www.profoundlogic.com


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of AHoerle@xxxxxxxxxxxxx
Sent: Thursday, April 10, 2014 11:26 AM
To: Midrange Systems Technical Discussion
Subject: RE: Encryption methods on the i

It appears the latest version available is 0.9.8m per the PTF listing located at http://www-01.ibm.com/support/docview.wss?uid=nas8N1012172 so we should all be fine.
Not sure what you have or need to show a manager?
1. call qp2term 2. cd /QOpenSys/QIBM/UserData/SC1/OpenSSL 3. ls
On my system I see:
openssl-0.9.7d openssl-0.9.8j

Are we having fun yet???

Amy Hoerle
System Administrator
Think Mutual Bank
5200 Members Pkwy NW, Box 5949
Rochester, MN 55901

507-536-5815 or
800-288-3425 Ext 5815
ahoerle@xxxxxxxxxxxxx



From: "Jim Oberholtzer" <midrangel@xxxxxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Date: 04/10/2014 08:51 AM
Subject: RE: Encryption methods on the i
Sent by: midrange-l-bounces@xxxxxxxxxxxx



The version of OpenSSL on the V7R1 and very recent PTFs that I have is 9.8 so that is before the problem.
--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Raul A. Jager W.
Sent: Thursday, April 10, 2014 8:50 AM
To: Midrange Systems Technical Discussion
Subject: Re: Encryption methods on the i

Does the apache in the i have the vulnerability?

Bradley Stone wrote:


Is there a reason that you can't just use SSL or TLS for the transmission (either over FTP or HTTP)?

Of course, making sure your OpenSSL is patched first. :)

Why add a layer of complexity on both ends when you can have the system do it for you?

Brad
www.bvstools.com


On Wed, Apr 9, 2014 at 11:15 AM, Charles Wilt

<charles.wilt@xxxxxxxxx>wrote:



The API's David pointed out are what you want.

Realize that you'll need to open the file in binary mode and the the decrypted results will be in ASCII.

Charles


On Wed, Apr 9, 2014 at 12:07 PM, Jeff Young <jyoung0950@xxxxxxxxx>

wrote:



Based on the information I have at this time, they want to just encrypt



the



data on their system (non ibm i) before transmission to prevent unauthorized access.
They are sending ascii csv data, so the records and fields with them are varying length.

Jeff Young
Sr. Programmer Analyst


On Wed, Apr 9, 2014 at 10:55 AM, <rob@xxxxxxxxx> wrote:




Encrypting the actual data, or the communication?
For example, I could use sftp to transfer files encrypted between two systems. That would encrypt the communications but not the actual data itself. You could put a sniffer on that comm but you would not be able



to



make any sense out of that.
Many people use free sftp between disparate entities.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Jeff Young <jyoung0950@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx


Date: 04/09/2014 10:42 AM
Subject: Encryption methods on the i
Sent by: midrange-l-bounces@xxxxxxxxxxxx



All,
I have a client that is presently sending files from another system



(not



i)
to the IFS in CSV format..
They are planning to encrypt the data prior to transmission and my



program



will need to decrypt it before processing.

What encryption / decryption methods are available on the i to do

this?

At this time, the client has not chosen an encryption method and they



want



to ensure that the decryption process is available for the i.

At this time, they are not looking for a commercial solution, and I



would



prefer a solution that could be used an ILE RPG program, or a system command.

TIA,

Jeff Young
Sr. Programmer Analyst
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing



list



To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.





--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing



list



To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.





--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.






--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact