IBM Support

How to enable SSL V3

Question & Answer


Question

How do you enable SSL V3, which is disabled by default due to a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack?

Answer

A new environment variable, CCASE_ENABLE_SSLV3 can be set to TRUE to enable SSL V3 (default: FALSE). If this environment variable is set on a client, then the following integrations are allowed to use SSL V3 negotiation with a web server:

  • The UCM integration with ClearQuest
  • The Base ClearCase integration with ClearQuest
  • CMI integrations with any OSLC provider

If CCASE_ENABLE_SSLV3 is not set, SSL V3 is disallowed. This means that the integrations fail if the web server is configured to allow only SSL V3.

In addition, for the (Perl trigger-based) Base ClearCase integration with ClearQuest, a new configuration option in the config.pl file can be set to enable SSLv3:

    # &SetConfigParm("CQCC_SERVER_SSLV3", "TRUE");

Note: CQCC_SERVER_SSLV3 defaults to FALSE (SSL V3 is disabled). 

For the perl triggers, if either CCASE_ENABLE_SSLV3 or CQCC_SERVER_SSLV3 is set, then SSL V3 is enabled when connecting to the ClearQuest server.

For general information about the SSL V3 vulnerability and ClearCase, refer to this bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21687347.

[{"Product":{"code":"SSSH27","label":"Rational ClearCase"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General Information","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF022","label":"OS X"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0.0.14;8.0.1.7","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
08 August 2018

UID

swg21695628