V7R1, R&D LPAR, 8205, 10k spinny, adequate resources, SI57922 applied on 9/22/15, no issues with admin instances.


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Tuesday, September 29, 2015 8:55 AM
To: Midrange Systems Technical Discussion
Subject: Re: IBM ADMIN Instance Error

I just put on PTF's the weekend of 2015-09-18 and could not get into my admin instance http://myibmi:2001 This affected both my 7.1 and 7.2 lpars.
I remembered this recent thread (but couldn't search for it for the life of me!) I ended up just going backwards through the archive website. I knew it was very recent.
Thanks to Bryan Dietz for his posting of
And thanks to Nadir Amra for the posting of the PTF's at that location.
SI57921 V6R1M0
SI57922 V7R1M0
SI57923 V7R2M0

I did one lpar by hand as per the instructions. That worked fine.
I did another lpar by following the cover letter for SI57923. That worked. I even checked the stuff listed in the manual steps and it is identical. The second lpar seemed to have some quirks first starting and I was getting internal server error. Then again the first lpar is on an
824 with all SSD and adequate memory and processor. The second lpar is a 'sandbox' lpar on a 814 with spinning disks and much less memory and processor. After awhile it worked fine.

I suspect that SI57923 may not make it to a cume or group just in case people are using ancient browsers. Therefore you may have to continue to order this separately. Then again, they had no problem issuing the PTF which broke it for the new browsers (or was it a Windows patch roll out which blew this out of the water?).

Need to automatically disable SSL Version 3 for
the HTTP ADMIN server, so that port 2005 will
only use TLS. This is to address concerns about
CVE-2014-3566 (POODLE).


In order for the admin2 server to be
moved to the SSL TLS level, you will
need to end the HTTP ADMIN server and
then restart the server. This can be
done using the following command:

followed by the following command:


Search words:
"IBM Navigator for i"
Port 2001
cume ptf
group ptfs
Port 2005

Rob Berendt
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755

From: Bryan Dietz <bdietz400@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 09/17/2015 08:32 AM
Subject: Re: IBM ADMIN Instance Error
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>

sounds like the problem I had last week.

IBM had me Follow steps in this document to resolve the SSL Exception
How to Disable SSL Version 3 for HTTP Admin (Port 2005) - CVE-2014-3566



Art Duarte wrote on 9/16/2015 3:44 PM:

Anyone have an idea what this error means when trying to access the IBM
admin page (<host ip>:2001)

Cannot communicate securely with peer: no common encryption
algorithm(s). (Error code: ssl_error_no_cypher_overlap)

A secure connection cannot be established because this site uses an
unsupported protocol.

Sometime ago I was messing with the QSSLCSL , QSSLCSLCTL,QSSLPCL values.
Here are the values:


Cipher control . . . . : *OPSYS


Not Sure if that has anything to do with error, or something else. Your
help is much appreciated.

Thank you
Art Duarte

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].