× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I just installed the latest CUM a couple days ago for V7R3 and still see
the Cipher list including the RSA ciphers.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #16 <https://www.bvstools.com/mailtool.html>: No external
"helper" PC system required. 100% IBM i native!

On Tue, Jan 2, 2018 at 4:34 PM, Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
wrote:

Has IBM released any V7R1, V7R2, V7R3 PTFs to correct this issue, I'm not
finding any?



https://www.csa.gov.sg/singcert/news/advisories-
alerts/alert-on-the-return-of-bleichenbacher-oracle-threat-robot-attack



Impact

An attacker may be able to derive the TLS session key and fully decrypt
the TLS traffic to access any sensitive information that is transmitted,
such as login credentials and credit card numbers.



Recommendations

System administrators will need to patch their systems if their TLS are
implemented using RSA ciphers by the affected vendors/implementations.
Visit https://robotattack.org for more information on the respective
vendor's patches.

If patches are not available, consider disabling TLS RSA cipher suites, if
possible, with the help of the product's documentation or seek assistance
from the vendor.



Disabling RSA ciphers on a V7R1 system will basically break SSL, since
V7R1 only supports RSA ciphers.

Would need to upgrade to V7R2 or V7R3 for the newer ciphers.



For those running SSL on V7R1, is this the end?



Paul







-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
JWGrant@xxxxxxxxxxxxxxx
Sent: Tuesday, January 02, 2018 4:49 PM
To: Midrange Systems Technical Discussion
Subject: Re: CERT Advisory: #144389 Return of Bleichenbacher's Oracle
Threat (ROBOT)



Hi Rob:



We updated the cipher specs (via the notes.ini) and now pass the test for
Bleichenbacher's Oracle Threat (ROBOT) for both traveler and domino



SSLCipherSpec=C030009FC02F009EC028006BC0270067





This fixes domino but now we have to handle the IBMi apache servers as
well.



Jim



Jim W Grant

Senior VP, Chief Information Officer

Web: www.pdpgroupinc.com<http://www.pdpgroupinc.com>









From: "Rob Berendt" <rob@xxxxxxxxx<mailto:rob@xxxxxxxxx>>

To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx<
mailto:midrange-l@xxxxxxxxxxxx>>

Date: 01/02/2018 03:06 PM

Subject: Re: CERT Advisory: #144389 Return of

Bleichenbacher's Oracle Threat (ROBOT)

Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx<mailto:
midrange-l-bounces@xxxxxxxxxxxx>>







Previous audits have blacklisted some

SSLCipherSpec=C030009FC02F009EC028006BC0270067

# Security audit black list:

# RSA_WITH_AES_256_GCM_SHA384 (009D)

# RSA_WITH_AES_128_GCM_SHA256 (009C)

# RSA_WITH_AES_256_CBC_SHA256 (003D)

# RSA_WITH_AES_256_CBC_SHA (0035)

# RSA_WITH_AES_128_CBC_SHA256 (003C)

# RSA_WITH_AES_128_CBC_SHA (002F)

# RSA_WITH_3DES_EDE_CBC_SHA (000A)

# RSA_WITH_RC4_128_SHA (0005)

# ECDHE_RSA_WITH_AES_256_CBC_SHA (C014) # DHE_RSA_WITH_AES_256_CBC_SHA
(0039) # ECDHE_RSA_WITH_AES_128_CBC_SHA (C013)
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration





Rob Berendt

--

IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive

Garrett, IN 46738

Ship to: Dock 108

6928N 400E

Kendallville, IN 46755

http://www.dekko.com



--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:
MIDRANGE-L@xxxxxxxxxxxx> To subscribe, unsubscribe, or change list
options,

visit: https://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:MIDRANGE-L-request@
midrange.com> Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.



Please contact support@xxxxxxxxxxxx<mailto:support@xxxxxxxxxxxx> for any
subscription related questions.



Help support midrange.com by shopping at amazon.com with our affiliate

link: http://amzn.to/2dEadiD







--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:
MIDRANGE-L@xxxxxxxxxxxx>

To subscribe, unsubscribe, or change list options,

visit: https://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:MIDRANGE-L-request@
midrange.com>

Before posting, please take a moment to review the archives

at https://archive.midrange.com/midrange-l.



Please contact support@xxxxxxxxxxxx<mailto:support@xxxxxxxxxxxx> for any
subscription related questions.



Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.