IBM Support

PI34229: Disable RC4-based TLS ciphers by default in IBM HTTP Server

Download


Abstract

Disable RC4-based TLS ciphers by default in IBM HTTP Server

Download Description

PI34229 resolves the following problem:

ERROR DESCRIPTION:
When SSL is enabled with 'SSLEnable', IBM HTTP Server includes RC4-based ciphers in its default ciphers.

(Note: This interim fix also includes the fix for PI31516.)

LOCAL FIX:

PROBLEM SUMMARY:
RC4 is now considered 'weak', so RC4-based ciphers should not be included in the default list.

PROBLEM CONCLUSION:
RC4 was removed from the set of default ciphers in V7R0 and later.

This fix is targeted for IBM HTTP Server fix packs:
- 7.0.0.39
- 8.0.0.11
- 8.5.5.6

Prerequisites

UpdateInstaller is required for IHS 7.0 interim fixes.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http:\/\/www.ibm.com\/support\/docview.wss?rs=180&uid=swg21205991"}]

Installation Instructions

For IHS 8.0 and 8.5.5, the interim fix can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It might be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.

The interim fix is also available from Fix Central at the link listed in the Download Package section below.

Download Package

Note: This interim fix also includes the fix for PI31516.

On
[{"DNLabel":"8.5.5.2 - 8.5.5.3 Distributed platforms","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"1645604","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.5.5.2-WS-WASIHS-MultiOS-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.4 - 8.5.5.5 Distributed platforms","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"1725302","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.5.5.4-WS-WASIHS-MultiOS-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.9 - 8.0.0.10 Distributed platforms","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"1641639","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.0.0.9-WS-WASIHS-MultiOS-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 AixPPC32","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"75290","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-AixPPC32-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 HpuxIA64","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"195187","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-HpuxIA64-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 HpuxPaRISC","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"101872","DNPlat":{"label":"HP-UX","code":"PF010"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-HpuxPaRISC-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 LinuxPPC32","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"74351","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxPPC32-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 LinuxS390","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"80660","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxS390-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 LinuxX32","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"67291","DNPlat":{"label":"Linux","code":"PF016"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-LinuxX32-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 SolarisSparc","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"86869","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-SolarisSparc-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 SolarisX64","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"83725","DNPlat":{"label":"Solaris","code":"PF027"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-SolarisX64-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"7.0.0.33 - 7.0.0.37 WinX32","DNDate":"9 Apr 2015","DNLang":"US English","DNSize":"97396","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=7.0.0.33-WS-WASIHS-WinX32-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.0.0.9 - 8.0.0.10 z\/OS","DNDate":"4 May 2015","DNLang":"US English","DNSize":"380281","DNPlat":{"label":"z\/OS","code":"PF035"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.0.0.9-WS-WASIHS-OS390-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.2 - 8.5.5.3 z\/OS","DNDate":"4 May 2015","DNLang":"US English","DNSize":"547767","DNPlat":{"label":"z\/OS","code":"PF035"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.5.5.2-WS-WASIHS-OS390-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null},{"DNLabel":"8.5.5.4 - 8.5.5.5 z\/OS","DNDate":"4 May 2015","DNLang":"US English","DNSize":"547767","DNPlat":{"label":"z\/OS","code":"PF035"},"DNURL":"http:\/\/www-933.ibm.com\/eserver\/support\/fixes\/fixcentral\/swgquickorder?fixes=8.5.5.4-WS-WASIHS-OS390-IFPI34229&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"IBM HTTP Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.5;8.5.5.4;8.5.5.3;8.5.5.2;8.0.0.9;8.0.0.10;7.0.0.37;7.0.0.35;7.0.0.33","Edition":"Advanced;Base;Enterprise;Network Deployment;Single Server"}]

Document Information

Modified date:
15 June 2018

UID

swg24039770