MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » April 2014

RE: IBM i Apache HTTP server



fixed

Related, if you have any WEB Services, I've noticed various versions (V1.3 , V1.5).
V1.3 QHTTPSVR 7.1 JVM version 1.5
V1.5 QHTTPSVR 8.1 JVM version 1.6
An older version would not see the changes included in the newer version.
I had to delete the WEB Service, recreate it for it to be current.

Any idea why IBM would handle the HTTP instances differently than WEB services.

Paul

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Tuesday, April 15, 2014 9:24 AM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Apache HTTP server

I also suggest opening up a ticket. If you the exact "CVE" numbers from the Qualys report this will make a HUGE difference.
I recently had a ticket with IBM and their old obsolete bind that Qualys reports quaked about. It was going nowhere until I added the exact CVE numbers to the PMR. That got the ball rolling. It still took them months to resolve this but they at least admitted they needed to address those.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Jim Oberholtzer" <midrangel@xxxxxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 04/15/2014 08:55 AM
Subject: RE: IBM i Apache HTTP server
Sent by: midrange-l-bounces@xxxxxxxxxxxx



The folks that can answer that question monitor the list and most likely
will respond to the list or let me know. In short, I don't know off hand.


--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Tuesday, April 15, 2014 7:14 AM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Apache HTTP server

Thanks Jim. That is good to know and the link is very helpful for
auditors.
I know it's not a PCI issue but support of perfect forward secrecy appears
to be what many of the scanning tools like Qualys SSL labs
https://www.ssllabs.com/ssltest/ check for PFS and recommend that it be
enabled. Even if IBM does not move to a new version of the Apache server
do
you think they might implement PFS on the 2.2.11 version?


Mike Cunningham
VP of Information Technology Services/CIO Pennsylvania College of
Technology



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
Sent: Tuesday, April 15, 2014 8:05 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: IBM i Apache HTTP server

IBM contacted me to give this further information:


While the level of the Apache server that was ported is indeed 2.2.11, it
is
by no means not current nor is not NOT PCI Compliant. Every security
patch
that has been released that actually applies to IBM i has been included in
the IBM HTTP Server.

These details are documented on out IBM i HTTP Server product page.

Http://www-03.ibm.com/systems/power/software/i/http/support/pci-compliance.h

tml

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jon Paris
Sent: Monday, April 14, 2014 6:02 PM
To: Midrange Systems Technical Discussion
Subject: Re: IBM i Apache HTTP server

Don't know why you have the concern Mike but some time back we raised a
similar question. In our case the "old" version was causing queries in our
PCI compliance testing. We were assured by IBM at the time that all
security
fixes had been addressed in the IBM i version - they just hadn't rebuilt
using the latest versions.


On 2014-04-14, at 6:58 PM, Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx>
wrote:

V7R2 is reported to have a new version of Apache.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Monday, April 14, 2014 1:12 PM
To: Midrange Systems Technical Discussion
Subject: IBM i Apache HTTP server

We are running V7.1 at the most recent technology release level and
with patches only a few months old. Our Apache version reports that it
is 2.2.11 which according to this site
http://www.apachehaus.com/index.php?option=com_content&view=article&id
=119&I
temid=104 was released in 2008 and has had 19 newer releases and there
is a version 2.4.x that was first released in 2012 and is currently at
2.4.9 which was released just a month ago.

Does anyone know when IBM might be providing a newer version of their
implementation of Apache for IBM i platform?

Thanks

Mike Cunningham
VP of Information Technology Services/CIO Pennsylvania College of
Technology


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.


Jon Paris

www.partner400.com
www.SystemiDeveloper.com




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact