Download
Abstract
This is Fix Pack 10.0.0.2 for IBM Integration Bus Version 10
Download Description
Changes introduced by this Fix Pack might negatively affect existing product function.
Please refer to APARs:
for a description of the problems and corrective actions.
Evaluate these APARs for the potential impact in your environment.
Fix Pack 10.0.0.2 is the second maintenance release for IBM Integration Bus Version 10. It is available for the following platforms:
AIX
HP-UX Itanium
Linux on Intel x86-64
Linux (Power)
Linux on zSeries
Sun Solaris
Solaris x86-64
Windows 64 bit
z/OS (PTFs UI31450, UI31451, UI31452, UI31453)
Please note:
In response to recent PSIRT Advisories various protocols and ciphers suites are disabled by default in IBM Integration Bus 10.0.0.2 and above.
RC4 ciphers are disabled by default for all inbound and outbound connections, apart from ODBC database access, because the RC4 algorithm is no longer considered secure due to the Bar Mitzvah vulnerability. The following IBM security bulletin, published in May 2015, gives futher details: http://www-01.ibm.com/support/docview.wss?uid=swg21883122
Diffie-Hellman (DH) ciphers are restricted to using a minimum key size of 768 bits, apart from ODBC database access, because weak DH keys are no longer considered secure due to the Logjam vulnerability. The following IBM security bulletin, published in June 2015, gives further details: http://www-01.ibm.com/support/docview.wss?uid=swg21958955
RC4
Affected RC4 cipher suites were not enabled by default for inbound and outbound secure connections, apart from ODBC database access.
Users will only be effected by this change if they have explicitly configured an allowed cipher list which includes one of the affected ciphers sites which are now disabled.
The list of affected RC4 ciphers suites which are now disabled by default are as listed here in the Java 7 Knowledge Center: http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/jsse2Docs/ciphersuites.html
* SSL_ECDHE_ECDSA_WITH_RC4_128_SHA
* SSL_ECDHE_RSA_WITH_RC4_128_SHA
* SSL_ECDH_ECDSA_WITH_RC4_128_SHA
* SSL_ECDH_RSA_WITH_RC4_128_SHA
* SSL_RSA_WITH_RC4_128_MD
Users are recommended to update any configuration using these ciphers suites to use a different cipher suite.
To disable RC4 ciphers for the ODBC database access follow the mitigation steps in the IBM security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21883122
It is strongly recommended that changes are made to avoid the known security vulnerability in the RC4 ciphers. However, if it is not possible to use alternative ciphers, then the disabled RC4 ciphers can be re-enabled by using the following steps:
1. Edit the java.security file in the jre\lib\security directory of the IBM Integration Bus installation.
For example:
c:\Program Files\IBM\IIB\10.0.0.2\common\jdk\jre\lib\security\java.security
/opt/ibm/iib/10.0.0.2/common/jdk/jre/lib/security/java.security (LinuxX64 only)
/opt/ibm/iib/10.0.0.2/common/jre/lib/security/java.security
2. Search for the string "jdk.tls.disabledAlgorithms" and remove RC4 from the list of disabled algorithms.
For example:
Change:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
To:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
Diffie-Hellman (DH)
All DH and DHE cipher suites apart from ECDH and ECDHE ones are effected by this change.
If a client or server used for inbound or outbound connections attempts to use a keysize of less than 768 bits then the connection will terminate.
Users are recommended to update all remote clients or servers to use keysizes greater than 768 bits.
To disable DH and DHE ciphers for ODBC database access follow the mitigations steps in the IBM security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21958955
It is strongly recommended that changes are made to avoid the known security vulnerability in the DH ciphers. However, if it is not possible to use larger keysizes or alternative ciphers, then the keysize restriction can be lifted by using the following steps:
1. Edit the java.security file in the jre\lib\security directory of the IBM Integration Bus installation.
For example:
c:\Program Files\IBM\IIB\10.0.0.2\common\jdk\jre\lib\security\java.security
/opt/ibm/iib/10.0.0.2/common/jdk/jre/lib/security/java.security (LinuxX64 only)
/opt/ibm/iib/10.0.0.2/common/jre/lib/security/java.security
2. Search for the string "jdk.tls.disabledAlgorithms" and remove the DH keySize entry from the list of disabled algorithms.
For example:
Change:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
To:
jdk.tls.disabledAlgorithms=SSLv3, RC4
For details of the problems fixed for the WebSphere Adapters included with this Fix Pack:
http://www.ibm.com/support/docview.wss?uid=swg27035733
For details of the problems fixed in IBM Data Format Description Language Version 1.1.2.0 iFix002 included with this Fix Pack:
http://www.ibm.com/support/docview.wss?uid=swg27041010
For details of the problems fixed in IBM Graphical Data Mapper Version 1.0.5.0 iFix002 included with this Fix Pack:
http://www.ibm.com/support/docview.wss?uid=swg27024325
The following table shows embedded components in IBM Integration Bus V10.0 and the versions shipped with this Fix Pack.
Embedded component | Version shipped with this Fix Pack |
Data Format Description Language | 1.1.2.0 iFix002 |
Graphical Data Mapper | 1.0.5.0 iFix002 |
Java SE Runtime Environment | 7.1 SR3 FP10 for AIX, Linux and Windows platforms 7.0 SR9 FP10 for Solaris and 7.0 SR9 for HP |
WebSphere MQ File Transfer Edition | FTE 7.0.4.4 + IT07171 |
WAS thin client (used by SOAP and SCA nodes) | 8.5.5.3 + PI31471 |
WSRR client | 7.5.0.1 |
WebSphere eXtreme Scale | 8.6.0.8 |
Tomcat | 7.0.63 |
International Components for Unicode (ICU) | 51.2 |
ICU Time Zones | 2015f |
DataDirect Drivers | 7.1 |
jSch Library (used by file nodes for SFTP) | 0.1.53 |
XML4C | 5.8.5 |
[{"PRLabel":"System Requirements","PRLang":"English","PRSize":"999","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27045108"}]
[{"INLabel":"Release Notes","INLang":"English","INSize":"999","INURL":"http://www-01.ibm.com/support/docview.wss?uid=swg27045067"},{"INLabel":"Integration Bus Library","INLang":"English","INSize":"999","INURL":"http://www-01.ibm.com/software/integration/ibm-integration-bus/library/index.html"},{"INLabel":"Problems Fixed","INLang":"English","INSize":"999","INURL":"http://www-01.ibm.com/support/docview.wss?uid=swg27045813"}]
On
[{"DNLabel":"AIX","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"969802427","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=AIX+64-bit,+pSeries&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"HP Itanium","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"642916463","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=HPUX+64-bit,+IA64&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"LinuxPPC","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"533992755","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=Linux+64-bit,pSeries&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"LinuxX86-64","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"1248359630","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=Linux+64-bit,x86_64&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"Linux390x(Z-Series)","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"524496640","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=Linux+64-bit,zSeries&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"Solaris SPARC","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"579110330","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=Solaris+64-bit,SPARC&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"SolarisX86-64","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"563833078","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=Solaris+64-bit,x86&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"Windows 64 Bit","DNDate":"25 Sep 2015","DNLang":"English","DNSize":"1387833400","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=Windows+64-bit,+x86&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null},{"DNLabel":"z/OS","DNDate":"30 Sep 2015","DNLang":"English","DNSize":"223471616","DNPlat":{"label":"z/OS","code":"PF035"},"DNURL":"http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.2&platform=z/OS&function=all&useReleaseAsTarget=true&source=fc","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Maintenance","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"10.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
23 March 2020
UID
swg24040976