IBM Support

Disabling insecure SSL functionality in AIX

Question & Answer


Question

How do I configure AIX to disable SSLv3, TLS 1.0, TLS 1.1 or other SSL features that are no longer considered secure?

Answer

The AIX base operating system uses OpenSSL 1.0.2, which does not provide a global configuration mechanism to enable or disable default cipher and protocol settings for applications.  Instead, it is up to each application to allow users to configure the application to pass these configuration choices to the OpenSSL library via the SSL_CTX_set_cipher_options or SSL_set_cipher_options function calls.
Because configuration is done on a per-application basis, the methods and options will vary.  Each application using OpenSSL must be identified and its documentation consulted to determine how to configure it to comply with environmental security requirements.  Documentation on how to configure the programs which use OpenSSL that are part of the AIX base operating system may be found at http://www.ibm.com/support/docview.wss?uid=isg3T1025319.
IBM Java has its own SSL implementation and does not use OpenSSL.  Documentation on how to configure it to disable older SSL functionality may be found at http://www-01.ibm.com/support/docview.wss?uid=isg3T1023713.

SUPPORT:

If additional assistance is required after completing all of the instructions provided in this document, please follow the step-by-step instructions below to contact IBM to open a case for software under warranty or with an active and valid support contract.  The technical support specialist assigned to your case will confirm that you have completed these steps.

a.  Document and/or take screen shots of all symptoms, errors, and/or messages that might have occurred

b.  Capture any logs or data relevant to the situation.

c.  Contact IBM to open a case:

   -For electronic support, please visit the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, please visit the web page:
      https://www.ibm.com/planetwide/

d.  Provide a good description of your issue and reference this technote

e.  Upload all of the details and data to your case

   -You can attach files to your case in the IBM Support Community
   -Or Upload data to IBM testcase server analysis:

    http://www.ibm.com/support/docview.wss?uid=ibm10733581

f.  Click here to submit feedback for this document.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
11 June 2019

UID

ibm10875516

Page Feedback