Security bulletins

A security bulletin is created when an implementation provides a mitigation to a disclosed vulnerability. The vulnerability can be specific to an implementation or generic to the protocol.

It is important for administrators to keep current with all mitigations provided by the implementations. Due to implementation differences, not all implementations are vulnerable to a specific vulnerability. If vulnerable, the mitigation might not be the same for each of the implementations.

The security bulletin contains the actions that must be taken to mitigate the issue. When a protocol or algorithm cannot be fixed, the mitigation might disable that feature.

Note: This disabled feature might result in interoperability issues for environments that depend on the vulnerable protocol.

Subscribe to receive notification when SSL/TLS security bulletins are created or updated. For more information about this process, see My notifications: How to subscribe to valuable product information notifications in the IBM Support Portal.

Manage My notifications to subscribe to "Security bulletin" to receive a notification each time the Security Bulletin publication is updated.

The Security Bulletin publication is an aggregation of individual security bulletins that are created for specific vulnerabilities. Read each individual security bulletin to keep up to date. Security bulletins can be updated after their initial publication when new information becomes available. Updated bulletins are moved back to the top of the aggregation bulletin. The updated bulletin does not have change flags but includes a brief note that indicates what was added to or changed in the bulletin. Re-read the full bulletin contents to see all the updates.