× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I have verified with a friend in IBM. The HTTP server on IBM I does not use OpenSSL. SSL for their webserver is IBM's own implementation so this vulnerability does not apply to it.

The OpenSSL version in PASE which can be used for other things is version 0.9.8 which also does not have the bug. So no matter what, you are not at risk for this issue.

Brian May
IBM i Modernization Specialist
Profound Logic Software
http://www.profoundlogic.com
937-439-7925 Phone
877-224-7768 Toll Free



Modernization Made Easy!
www.profoundlogic.com
         


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of AHoerle@xxxxxxxxxxxxx
Sent: Thursday, April 10, 2014 11:26 AM
To: Midrange Systems Technical Discussion
Subject: RE: Encryption methods on the i

It appears the latest version available is 0.9.8m per the PTF listing located at http://www-01.ibm.com/support/docview.wss?uid=nas8N1012172 so we should all be fine.

Not sure what you have or need to show a manager?

1. call qp2term
2. cd /QOpenSys/QIBM/UserData/SC1/OpenSSL
3. ls

On my system I see:
openssl-0.9.7d openssl-0.9.8j


Are we having fun yet???

Amy Hoerle
System Administrator
Think Mutual Bank
5200 Members Pkwy NW, Box 5949
Rochester, MN 55901

507-536-5815 or
800-288-3425 Ext 5815
ahoerle@xxxxxxxxxxxxx



From: "Jim Oberholtzer" <midrangel@xxxxxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 04/10/2014 08:51 AM
Subject: RE: Encryption methods on the i
Sent by: midrange-l-bounces@xxxxxxxxxxxx



The version of OpenSSL on the V7R1 and very recent PTFs that I have is 9.8 so that is before the problem.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Raul A. Jager W.
Sent: Thursday, April 10, 2014 8:50 AM
To: Midrange Systems Technical Discussion
Subject: Re: Encryption methods on the i

Does the apache in the i have the vulnerability?

Bradley Stone wrote:

Is there a reason that you can't just use SSL or TLS for the
transmission (either over FTP or HTTP)?

Of course, making sure your OpenSSL is patched first. :)

Why add a layer of complexity on both ends when you can have the system
do it for you?

Brad
www.bvstools.com


On Wed, Apr 9, 2014 at 11:15 AM, Charles Wilt
<charles.wilt@xxxxxxxxx>wrote:



The API's David pointed out are what you want.

Realize that you'll need to open the file in binary mode and the the
decrypted results will be in ASCII.

Charles


On Wed, Apr 9, 2014 at 12:07 PM, Jeff Young <jyoung0950@xxxxxxxxx>
wrote:



Based on the information I have at this time, they want to just
encrypt


the


data on their system (non ibm i) before transmission to prevent
unauthorized access.
They are sending ascii csv data, so the records and fields with them
are varying length.

Jeff Young
Sr. Programmer Analyst


On Wed, Apr 9, 2014 at 10:55 AM, <rob@xxxxxxxxx> wrote:



Encrypting the actual data, or the communication?
For example, I could use sftp to transfer files encrypted between
two systems. That would encrypt the communications but not the
actual data itself. You could put a sniffer on that comm but you
would not be able


to


make any sense out of that.
Many people use free sftp between disparate entities.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Jeff Young <jyoung0950@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx


Date: 04/09/2014 10:42 AM
Subject: Encryption methods on the i
Sent by: midrange-l-bounces@xxxxxxxxxxxx



All,
I have a client that is presently sending files from another system


(not


i)
to the IFS in CSV format..
They are planning to encrypt the data prior to transmission and my


program


will need to decrypt it before processing.

What encryption / decryption methods are available on the i to do
this?
At this time, the client has not chosen an encryption method and
they


want


to ensure that the decryption process is available for the i.

At this time, they are not looking for a commercial solution, and I


would


prefer a solution that could be used an ILE RPG program, or a system
command.

TIA,

Jeff Young
Sr. Programmer Analyst
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing


list


To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing


list


To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.





--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.