× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2016

RE: V7R1 is not supported anymore (at least for SSL ciphers)

IMHO... If IBM supports the release (i.e V7R1) then SSL vulnerabilities
including the deprecating of weak ciphers
and replacement with other stronger ciphers should be included in that
support.

As for IBMi's SSL support: I thought the the base IBMi SSL support was
based on the IBM Global Security Kit
and that the OpenSSL stack was only used for the IBMi open systems tools?

We are down to 5 ciphers available (after deprecating the weak ciphers) on
V7R1.

As to release upgrades, the process is well documented and pretty straight
forward. Our issue (at least for us)
is not the cost it is the very diverse workloads that we run in our IBMi
environment and how effectively we
can test the application interdependencies after the upgrade.

During our last upgrade to V7R1, IBM had totally changed the way threads
were handled in the IBMi HTTP
server. Under low testing load (less than 20 users) we had no issues and
thought the upgrade had gone smoothly,
However, When we put it in full production teh web servers and site cam e
to a complete crawl due to mutex waits.

We now include load stress testing via automated web scripts/crawlers in
our pre and post test planning.

Jim

Jim W Grant
Senior VP, Chief Information Officer
Web: www.pdpgroupinc.com




From: Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 12/20/2016 09:41 AM
Subject: RE: V7R1 is not supported anymore (at least for SSL
ciphers)
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



The other reason folks don't upgrade as fast as you (and I would) like
them
to is regulatory requirements. Often times the regulators require actions
no sane person would consider and that slows the entire process down. If
you have the SEC or Banks to worry about then your ability to upgrade
becomes significantly more difficult.

Now add in little things like the ciphers, SMB2, and a few other small but
deadly landmines and you have a more difficult series of decisions to make
and actions to take.

And like Larry said, those of us that do these all the time remember all
the
landmines we've already stepped on and avoid them. Folks that do it once
every three years tend to step on the same ones year after year.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
DrFranken
Sent: Tuesday, December 20, 2016 8:30 AM
To: Midrange Systems Technical Discussion
Subject: Re: V7R1 is not supported anymore (at least for SSL ciphers)


Maybe if they really want folks to upgrade OS versions more often >
they'd make it easier and much less expensive.


Well it's already free so that's off the table. Unless you have no support
that is in which case it's 'unobtanium' so you're stuck.

Of course there are the odd vendors who want $$$$ for a key for the new
version that supports release +1. That's both stupid (as long as you're on
support with them) and not on IBM.

As to easy that's a matter of opinion. I think it's very straightforward,
even easy, and I know several on the list that would agree with that.

However for many it's like me changing the starter on my Son's car. I
could
describe the process in detail. I know the tools required, the approximate
time line, and parts needed. I could not, ore more likely WOULD not
attempt
that work on my own. Just No. Too many things could go wrong for the few
dollars I'd save by not having a processional do it.
And just like an IBM i upgrade I hope to do it infrequently and I would
forget things by the next time I need to do so.


- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 12/20/2016 9:19 AM, Bradley Stone wrote:
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link:
http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.