× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2016

RE: V7R1 Updated SSL Ciphers RFE Link please vote!

This problem is only going to escalate with all the Sha1 certs expiring 06/30/17.
Everyone needs to be on Sha256 starting 7/1/17.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Wednesday, December 21, 2016 9:55 AM
To: Midrange Systems Technical Discussion
Subject: Re: V7R1 Updated SSL Ciphers RFE Link please vote!

<snip>
And server side applications are all but required to update their SSL certificates to newer Ciphers to be compliant.
</snip>
Apparently there are exceptions if your business only handles peoples money and stuff; like banks. Then you can continue to run the lesser ciphers.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Bradley Stone <bvstone@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 12/21/2016 09:49 AM
Subject: Re: V7R1 Updated SSL Ciphers RFE Link please vote!
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



On Wed, Dec 21, 2016 at 8:28 AM, Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
wrote:

We on the CAAC are aware of the problems and that we have not solved
them
all.

And we are looking closely at the RFE process that has much to recommend
(heh) it. To Larry's concern, yes, we want to continue to find a way to
work that process so that we can still serve as that buffer. Perhaps to
find a way that people can indicate that they identify themselves as
submitting the request as a COMMON member.


Would being a member of COMMON matter as far as priority or attention it
gets? If so, I don't think that's the right path either. Nothing against
COMMON or the CAAC or the board (Hi Amy!).

I can also see from the discussion on linked in that some don't even
understand the issue quite right.

I am hoping IBM does understand as they have many customers on V7R1 that
use "client" software (FTPS, HTTPAPI, GETURI, etc) that don't have a
choice
as to which cipher to use. That choice is made by the server we are
connecting to. The client has NO choice in the Cipher. And server side
applications are all but required to update their SSL certificates to
newer
Ciphers to be compliant.

Brad
www.bvstools.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.