APAR status
Closed as program error.
Error description
The connectIon was workIng goIng from CD>CD and now they are movIng theIr CD Server to use SSP (CD>SSP>CD) EnvIronment: CD Protocol SSLv3 Protocol CIpher: SSL_RSA_WITH_AES_256_CBC_SHA When using CD>SSP>CD, the connection fails when using SSL_RSA_WITH_AES_256_CBC_SHA. The can get the connection working with 3DES only.
Local fix
STRRTC - 561603 RJ/RJ Circumvention: Update to latest SSP Build
Problem summary
The SSPCM GUI listed AES and ECDHE cipher suites for the SSLv3 protocol, but they are not supported by the IBM JSSE toolkit.
Problem conclusion
Removed all the AES and ECDHE ciphers for SSLv3 as there are no ciphers in the IBM JSSE toolkit which work out of the box with SSLv3. Left 3DES as a default as there must be at least one cipher to save a config. To allow SSLv3 as a protocol, see the writeup for IT07375 in the fixlist. To allow 3DES as a cipher suite, see the writeup for RTC533801.
Temporary fix
SSP3430 iFix 5 Plus Build 208
Comments
APAR Information
APAR number
IT24112
Reported component name
STR SECURE PROX
Reported component ID
5725D0300
Reported release
343
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-02-19
Closed date
2018-03-15
Last modified date
2018-03-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR SECURE PROX
Fixed component ID
5725D0300
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS6PNW","label":"Sterling Secure Proxy"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"343","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Document Information
Modified date:
22 May 2025