IBM Support

IT39188: DIFFIE-HELLMAN KEY EXCHANGES ALGORITHMS WITH SHA512 NOT WORKING FOR SFTP CLIENT

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

Direct links to fixes

sfg-docker-6000306
b2bi-docker-6000306
Media_IM_6000306

 

APAR status

  • Closed as new function.

Error description

  • When client upgraded B2Bi from 6005 to 6007, the maverick sftp
client jars got upgraded from 1.7.21 to 1.7.32. The upgraded
jars maintains higher security jars first in the preference. As
a result,

diffie-hellman-group16-sha512 was picked up in 6007 and 6035,
but sftp server on customer's partner is unable to process
SHA512 algos. While the previous maverick version used
diffie-hellman-group-exchange-sha256 for key exchange and it
worked.

Local fix

  • We are proviing the client with a ability to specifiy a key
exhchange as preference over the rest others with a new
parameter PreferredSSHKeyExchangeAlg. With this new parameter
settings client is able to use the desired key exchange algo for
a seamless upgrade from previous maverick jars.

Problem summary

  • Users Affected:
All

Problem Description:
When client upgraded B2Bi from 6005 to 6007, the maverick sftp
client jars got upgraded from 1.7.21 to 1.7.32.
The upgraded jars maintains higher security jars first in the
preference. As a result, diffie-hellman-group16-sha512 was
picked up in 6007 and 6035, but sftp server on customer's
partner is unable to process SHA512 algos. While the previous
maverick version used diffie-hellman-group-exchange-sha256 for
key exchange and it worked.

We are providing the client with a ability to specifiy a key
exhchange as preference over the rest others with a new
parameter PreferredSSHKeyExchangeAlg. With this new parameter
settings, client is able to use the desired key exchange algo
for a seamless upgrade from previous maverick jars.

Platforms Affected:
All

Problem conclusion

  •   Conclusion:
Customer can configure specfic key exchange algorithm as
preferred algorithm over others.

Resolution Summary:
Customer can configure specfic key exchange algorithm using
paramter PreferredSSHKeyExchangeAlg in security.properties as
preferred algorithm over others.

Delivered in:
6000306
6000008
All future Fix Packs can be found in the Release Timeline Matrix
- https://www.ibm.com/support/pages/node/6194265

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT39188
    • 

  • Reported component name
    STR B2B INTEGRA
    • 

  • Reported component ID
    5725D0600
    • 

  • Reported release
    600
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-11-24
    • 

  • Closed date
    2022-04-04
    • 

  • Last modified date
    2022-06-20
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    STR B2B INTEGRA
    • 

  • Fixed component ID
    5725D0600
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"Sterling B2B Integrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600"}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            21 June 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback