IBM Support

IBM Integration Bus V10.0 - Fix Pack 10.0.0.2

Download


Abstract

This is Fix Pack 10.0.0.2 for IBM Integration Bus Version 10

Download Description



Changes introduced by this Fix Pack might negatively affect existing product function.


Please refer to APARs:

for a description of the problems and corrective actions.

Evaluate these APARs for the potential impact in your environment.




Fix Pack 10.0.0.2 is the second maintenance release for IBM Integration Bus Version 10. It is available for the following platforms:

AIX
HP-UX Itanium
Linux on Intel x86-64
Linux (Power)
Linux on zSeries
Sun Solaris
Solaris x86-64
Windows 64 bit
z/OS (PTFs UI31450, UI31451, UI31452, UI31453)

Please note:
In response to recent PSIRT Advisories various protocols and ciphers suites are disabled by default in IBM Integration Bus 10.0.0.2 and above.
RC4 ciphers are disabled by default for all inbound and outbound connections, apart from ODBC database access, because the RC4 algorithm is no longer considered secure due to the Bar Mitzvah vulnerability. The following IBM security bulletin, published in May 2015, gives futher details: http://www-01.ibm.com/support/docview.wss?uid=swg21883122
Diffie-Hellman (DH) ciphers are restricted to using a minimum key size of 768 bits, apart from ODBC database access, because weak DH keys are no longer considered secure due to the Logjam vulnerability. The following IBM security bulletin, published in June 2015, gives further details: http://www-01.ibm.com/support/docview.wss?uid=swg21958955
RC4

Affected RC4 cipher suites were not enabled by default for inbound and outbound secure connections, apart from ODBC database access.
Users will only be effected by this change if they have explicitly configured an allowed cipher list which includes one of the affected ciphers sites which are now disabled.
The list of affected RC4 ciphers suites which are now disabled by default are as listed here in the Java 7 Knowledge Center: http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/jsse2Docs/ciphersuites.html
* SSL_ECDHE_ECDSA_WITH_RC4_128_SHA
* SSL_ECDHE_RSA_WITH_RC4_128_SHA
* SSL_ECDH_ECDSA_WITH_RC4_128_SHA
* SSL_ECDH_RSA_WITH_RC4_128_SHA
* SSL_RSA_WITH_RC4_128_MD

Users are recommended to update any configuration using these ciphers suites to use a different cipher suite.

To disable RC4 ciphers for the ODBC database access follow the mitigation steps in the IBM security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21883122


It is strongly recommended that changes are made to avoid the known security vulnerability in the RC4 ciphers. However, if it is not possible to use alternative ciphers, then the disabled RC4 ciphers can be re-enabled by using the following steps:

1. Edit the java.security file in the jre\lib\security directory of the IBM Integration Bus installation.
For example:
c:\Program Files\IBM\IIB\10.0.0.2\common\jdk\jre\lib\security\java.security
/opt/ibm/iib/10.0.0.2/common/jdk/jre/lib/security/java.security (LinuxX64 only)
/opt/ibm/iib/10.0.0.2/common/jre/lib/security/java.security

2. Search for the string "jdk.tls.disabledAlgorithms" and remove RC4 from the list of disabled algorithms.
For example:
Change:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

To:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

Diffie-Hellman (DH)

All DH and DHE cipher suites apart from ECDH and ECDHE ones are effected by this change.
If a client or server used for inbound or outbound connections attempts to use a keysize of less than 768 bits then the connection will terminate.
Users are recommended to update all remote clients or servers to use keysizes greater than 768 bits.

To disable DH and DHE ciphers for ODBC database access follow the mitigations steps in the IBM security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21958955


It is strongly recommended that changes are made to avoid the known security vulnerability in the DH ciphers. However, if it is not possible to use larger keysizes or alternative ciphers, then the keysize restriction can be lifted by using the following steps:

1. Edit the java.security file in the jre\lib\security directory of the IBM Integration Bus installation.
For example:
c:\Program Files\IBM\IIB\10.0.0.2\common\jdk\jre\lib\security\java.security
/opt/ibm/iib/10.0.0.2/common/jdk/jre/lib/security/java.security (LinuxX64 only)
/opt/ibm/iib/10.0.0.2/common/jre/lib/security/java.security

2. Search for the string "jdk.tls.disabledAlgorithms" and remove the DH keySize entry from the list of disabled algorithms.
For example:
Change:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

To:
jdk.tls.disabledAlgorithms=SSLv3, RC4


For details of the problems fixed for the WebSphere Adapters included with this Fix Pack:
http://www.ibm.com/support/docview.wss?uid=swg27035733

For details of the problems fixed in IBM Data Format Description Language Version 1.1.2.0 iFix002 included with this Fix Pack:
http://www.ibm.com/support/docview.wss?uid=swg27041010

For details of the problems fixed in IBM Graphical Data Mapper Version 1.0.5.0 iFix002 included with this Fix Pack:
http://www.ibm.com/support/docview.wss?uid=swg27024325

The following table shows embedded components in IBM Integration Bus V10.0 and the versions shipped with this Fix Pack.

Embedded componentVersion shipped with this Fix Pack
Data Format Description Language1.1.2.0 iFix002
Graphical Data Mapper1.0.5.0 iFix002
Java SE Runtime Environment7.1 SR3 FP10 for AIX, Linux and Windows platforms
7.0 SR9 FP10 for Solaris and 7.0 SR9 for HP
WebSphere MQ File Transfer EditionFTE 7.0.4.4 + IT07171
WAS thin client (used by SOAP and SCA nodes)8.5.5.3 + PI31471
WSRR client 7.5.0.1
WebSphere eXtreme Scale8.6.0.8
Tomcat7.0.63
International Components for Unicode (ICU)51.2
ICU Time Zones2015f
DataDirect Drivers7.1
jSch Library (used by file nodes for SFTP)0.1.53
XML4C5.8.5

[{"PRLabel":"System Requirements","PRLang":"English","PRSize":"999","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http:\/\/www-01.ibm.com\/support\/docview.wss?rs=849&uid=swg27045108"}]
[{"INLabel":"Release Notes","INLang":"English","INSize":"999","INURL":"http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg27045067"},{"INLabel":"Integration Bus Library","INLang":"English","INSize":"999","INURL":"http:\/\/www-01.ibm.com\/software\/integration\/ibm-integration-bus\/library\/index.html"},{"INLabel":"Problems Fixed","INLang":"English","INSize":"999","INURL":"http:\/\/www-01.ibm.com\/support\/docview.wss?uid=swg27045813"}]
On
[{"DNLabel":"AIX","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"969802427","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=AIX+64-bit,+pSeries&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"HP Itanium","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"642916463","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=HPUX+64-bit,+IA64&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"LinuxPPC","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"533992755","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=Linux+64-bit,pSeries&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"LinuxX86-64","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"1248359630","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=Linux+64-bit,x86_64&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"Linux390x(Z-Series)","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"524496640","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=Linux+64-bit,zSeries&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"Solaris SPARC","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"579110330","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=Solaris+64-bit,SPARC&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"SolarisX86-64","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"563833078","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=Solaris+64-bit,x86&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"Windows 64 Bit","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"1387833400","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=Windows+64-bit,+x86&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"z\/OS","DNDate":"30 Sep 2015","DNLang":"English","DNSize":"223471616","DNPlat":{"label":"z\/OS","code":"PF035"},"DNURL":"http:\/\/www-933.ibm.com\/support\/fixcentral\/swg\/quickorder?parent=ibm~WebSphere&product=ibm\/WebSphere\/Integration+Bus&release=10.0.0.2&platform=z\/OS&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"Maintenance","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"10.0","Edition":""}]

Document Information

Modified date:
04 July 2018

UID

swg24040976