APAR status
Closed as program error.
Error description
All customers using Communications Server for Linux or Communications Server for Linux on zSeries, relying on Secure Socket Layer v3 (SSLv3) or any of the multiple versions of Transport Layer Security (TLS) in support of secure communications between a client and server or between server and server are impacted by a recently discovered weakness in the TLS and SSL v3 protocols. SSLv2 is not affected. The TLS/SSL weakness exists in multiple implementations of the Transport Layer Security (TLS) protocol, including SSL.
Local fix
Problem summary
To address the weakness in the TLS/SSL handshake renegotiation, IBM, along with the other members in the Industry Consortium for the Advancement of Security on the Internet (ICASI), are working together with the Internet Engineering Task Force (IETF) to enhance and strengthen the handshake renegotiation protocol in the TLS specification. This effort will take some time to complete. The delivery outlook for inclusion of this enhanced handshake renegotiation capability in TLS protocol implementations is unknown at this time.
Problem conclusion
n the interim, the TLS handshake renegotiation will be disabled by application of this APAR. The TLS handshake renegotiation is rarely used. Disabling the TLS handshake renegotiation will block a remote attacker from attempting to exploit the weakness in the TLS protocol. After applying this APAR, the default setting will disable the TLS handshake renegotiation. There is an option to re-enable renegotiation if warranted. TLS handshake renegotiation should be re-enabled only if absolutely necessary and with a clear understanding and acceptance of the potential security risks. To override the default setting and re-enable handshake renegotiation, see the instructions in the readme for APAR LI75181.
Temporary fix
Comments
APAR Information
APAR number
JR36023
Reported component name
COMM SERV NT 6.
Reported component ID
5639F2503
Reported release
613
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-03-23
Closed date
2010-03-23
Last modified date
2010-03-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
COMM SERV NT 6.
Fixed component ID
5639F2503
Applicable component levels
R613 PSY
UP
{"0":{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSHQNF","label":"Communications Server for Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"613","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},"44":{"Product":{"code":"SSSN3L","label":"Communications Server for z\/OS"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Line of Business":{"code":"LOB35","label":"Mainframe SW"}},"45":{"Product":{"code":"SSPQKF","label":"Communications Server for AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Line of Business":{"code":"LOB35","label":"Mainframe SW"}},"46":{"Product":{"code":"SSDMF3","label":"Communications Server for Linux on zSeries"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Line of Business":{"code":"LOB35","label":"Mainframe SW"}},"47":{"Product":{"code":"SSHQLW","label":"Communications Server for Linux"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Line of Business":{"code":"LOB35","label":"Mainframe SW"}},"48":{"Product":{"code":"SSY50V","label":"Communications Server for UNIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Line of Business":{"code":"LOB35","label":"Mainframe SW"}},"1":null,"2":null,"3":null,"4":null,"5":null,"6":null,"7":null,"8":null,"9":null,"10":null,"11":null,"12":null,"13":null,"14":null,"15":null,"16":null,"17":null,"18":null,"19":null,"20":null,"21":null,"22":null,"23":null,"24":null,"25":null,"26":null,"27":null,"28":null,"29":null,"30":null,"31":null,"32":null,"33":null,"34":null,"35":null,"36":null,"37":null,"38":null,"39":null,"40":null,"41":null,"42":null,"43":null}
Document Information
Modified date:
14 November 2022