Re: CERT Advisory: #144389 Return of Bleichenbacher's Oracle Threat (ROBOT) -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

On Wed, Jan 3, 2018 at 8:09 AM, Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
wrote:

Back in 2015, I had an open SSL PMR, IBM created two SSL PTFs for V7R1.
These PTFs allowed changes to the SSL default config via SST, Advanced
Analysis, SSLCONFIG.
Brad should remember these, MAILTOOL was broke.

I do remember that. It was the SSL APIs that were broke. :)

I believe that's when I added a bypass to MAILTOOL and GETURI to override
the default values for which version of SSL/TLS that were used since the
default values were not working system wide.. for any applications using
the SSL APIs that is.

MF60335 - The SSLv3 protocol and RC4 cipher suites should not be used
due to the POODLE and Bar Mitzvah vulnerabilities.
SI57332 - Customer is unable to get 3rd party application updated to
support the TLSv1.2 protocol. The need exists to make applications coded
to use the default protocol use TLSv1.2 at a
system level to get around the 3rd party.

However, I doubt we will see any future V7R1 SSL PTFs of this magnitude.

Paul

So did this change the OPSYS list of SSL ciphers? I can't recall. I never
was on V7R1.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.