• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1398
  • Last Modified:

Disabling 40 & 56bit Encryption upon an IBM Iseries

How would i go about i disabling 40 & 56 Bit encryption on an IBM Iseries. Such that connections from browsers with weak ciphers will be disallowed.
0
biggiesmallzz
Asked:
biggiesmallzz
1 Solution
 
bggauthCommented:
Hi,

If you are positive they are enabled on your system, you would probably need to use the QSOMAINT API assuming you are at V5R3 or V5R4?
You can use this to determine what the current attributes for System SSL are for supported protocols and cipher suites
CALL QSYS/QSOMAINT PARM(35 1)

This will generate a spooled file called QPCSMPRT.
It will show you what is enabled or disabled
SSL VERSION 2.0: DISABLED
SSL VERSION 3.0: ENABLED
TLS VERSION 1.0: ENABLED

If you have weka ciphes, you should see something like this:
THE DEFAULT CIPHERS IN EFFECT ARE LISTED HERE IN ORDER:  
-------------------------------------------------------  
SSL_RSA_WITH_RC4_128_MD5                                  
SSL_RSA_WITH_RC4_128_SHA                                  
TLS_RSA_WITH_AES_128_CBC_SHA                              
TLS_RSA_WITH_AES_256_CBC_SHA                              
SSL_RSA_WITH_3DES_EDE_CBC_SHA                            
SSL_RSA_WITH_DES_CBC_SHA                                  
SSL_RSA_EXPORT_WITH_RC4_40_MD5                            
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5                        
.                                                        
THESE CIPHERS ARE SUPPORTED, BUT NOT IN THE DEFAULT LIST:
---------------------------------------------------------
SSL_RSA_WITH_NULL_MD5                                    
SSL_RSA_WITH_NULL_SHA                                    
****** END OF DUMP ******                                

If you are at a release below V5R3, I suggest you get an SOW created and contact IBM to work on a solution.

Barry G.
0
 
dudetest1Commented:
I had the same issue, I just want to disable SSLVersion 2.0 in my ISeries. The program QSYS/QSOMAINT just show a report with the SSL versions and all Ciphers, but how can I disable SSLv2?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now