× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2018

Re: PTF MF64534 for ROBOT TLS Vulnerability...

1: What in "THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED." makes you
think you need to IPL? Did you pick an option to set them all as delayed
or did it bring down a coreq or prereq which requires an IPL?
2: The cover letter makes one think that they patched the cipher to not
be susceptible to such an attack and that the "circumvention" (or
workaround) is to remove certain ciphers from the system value; not both.
Therefore I do not think that applying this PTF will automatically remove
those ciphers.
3: Not sure if the presence of these ciphers, patched or not, will still
be considered a ding on your audits. Most security scans simply test for
the presences of the cipher, not if the cipher is susceptible to the
attack. Since some of these ciphers are only open to attack under large
scale bombardment such a test in itself could be construed as a DOS
attack.

sndptford mf64534
INSPTF LICPGM((5770999)) DEV(*SERVICE) INSTYP(*IMMDLY)
PTF 5770999-MF64534 V7R3M0 temporarily applied to library QGPL.
DSPSYSVAL SYSVAL(QSSLCSL) OUTPUT(*PRINT)

Current Shipped
value value
*ECDHE_ECDSA_AES_128_GCM_SHA25 *ECDHE_ECDSA_AES_128_GCM_SHA25
6 6
*ECDHE_ECDSA_AES_256_GCM_SHA38 *ECDHE_ECDSA_AES_256_GCM_SHA38
4 4
*ECDHE_RSA_AES_128_GCM_SHA256 *ECDHE_RSA_AES_128_GCM_SHA256
*ECDHE_RSA_AES_256_GCM_SHA384 *ECDHE_RSA_AES_256_GCM_SHA384
*RSA_AES_128_GCM_SHA256 *RSA_AES_128_GCM_SHA256
*RSA_AES_256_GCM_SHA384 *RSA_AES_256_GCM_SHA384
*ECDHE_ECDSA_AES_128_CBC_SHA25 *ECDHE_ECDSA_AES_128_CBC_SHA25
6 6
*ECDHE_ECDSA_AES_256_CBC_SHA38 *ECDHE_ECDSA_AES_256_CBC_SHA38
4 4
*ECDHE_RSA_AES_128_CBC_SHA256 *ECDHE_RSA_AES_128_CBC_SHA256
*ECDHE_RSA_AES_256_CBC_SHA384 *ECDHE_RSA_AES_256_CBC_SHA384
*RSA_AES_128_CBC_SHA256 *RSA_AES_128_CBC_SHA256
*RSA_AES_128_CBC_SHA *RSA_AES_128_CBC_SHA
*RSA_AES_256_CBC_SHA256 *RSA_AES_256_CBC_SHA256
*RSA_AES_256_CBC_SHA *RSA_AES_256_CBC_SHA
*ECDHE_ECDSA_3DES_EDE_CBC_SHA *ECDHE_ECDSA_3DES_EDE_CBC_SHA
*ECDHE_RSA_3DES_EDE_CBC_SHA *ECDHE_RSA_3DES_EDE_CBC_SHA
*RSA_3DES_EDE_CBC_SHA *RSA_3DES_EDE_CBC_SHA


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.