× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2015

Re: Client Access, Access Client and certificates

Paul,

If the software vendors are using the system SSL APIs then software updates
shouldn't be needed unless they have settings hard-coded. By default the
APIs "should" use the system settings. I say "should" because they don't
always.

I went through this with a customer using our GETURI software that uses
SSL. We had ours set to use the system SSL settings and for some reason it
wasn't in this case.

The situation is described here:
http://www.fieldexit.com/forum/display?threadid=170

So, I added a flag to our software to get around that while IBM fixed their
stuff. :)

Anyhow, expect more SSL problems down the road. It's been pretty bumpy.
With forcing everyone to move to new versions it's going to also force many
V5Rx and V6Rx users to V7Rx... (and consequently new hardware most likely).

Brard
www.bvstools.com

On Sat, Dec 19, 2015 at 1:29 PM, Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
wrote:

Mike,

There have been several SSL PTFs recently.
These have all been related to disabling SSLv2, SSLv3, and TLSv1.0, only
allowing TLSv1.1 or TLSv1.2.
Along with this is disabling SHA1 certs, using new SHA256 certs.
SHA1 certs will be expiring, and will not be able to be renewed.
If the remote device, whether be a desktop or sever, was using one of the
older versions and/or certs, and not updated for the new, this would
cause a failure.
We also had issues with 3rd party i5 products, still waiting for those
TLSv1.1 upgrades..
There are more changes scheduled for 2016.
We were just informed that if our credit card system is running TLSv1.0 on
7/1/2016, credit cards will stop working because the banks will no longer
be accepting TLSv1.0.
We are currently awaiting for the TLSv1.1 upgrade from Curbstone.

I now have a SSL socket trace running on a daily basis, monitoring all the
SSL versions and certs being used.

Paul


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.