• 2 replies
  • Latest Post - ‏2013-04-19T09:32:00Z by HermannSW
52 Posts

Pinned topic crypro profile

‏2013-04-17T17:43:51Z |

I am new to datapower.

I just received an alert from ibm re: CVE-2013-0169 re: the Lucky 13 hack. The document states to add to the crypto profile to mitigate the threat.

Is a crypto profile needed for every domain ?

  • Kumar_Y
    349 Posts

    Re: crypro profile


    crypto profile in needed only if you are doing the anything over https:// and doing any val creds using forward, reverse or two way SSL.

  • HermannSW
    5221 Posts

    Re: crypro profile


    Just for completeness, this is from 4/7 IBM Mynotification email:


    WebSphere DataPower SOA Appliances: Troubleshooting


    A security vulnerability has been discovered in SSL and TLS protocols when CBC ciphers are used (such as 3DES and AES in CBC)


    Fix will be available in next fixpack, but the APAR text also describes how to fix this vulnerability until the APAR fix is available.

    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    Updated on 2013-04-19T09:33:53Z at 2013-04-19T09:33:53Z by HermannSW