?
Solved

Disabling 40 & 56bit Encryption upon an IBM Iseries

Posted on 2007-10-02
2
Medium Priority
?
1,377 Views
Last Modified: 2013-12-06
How would i go about i disabling 40 & 56 Bit encryption on an IBM Iseries. Such that connections from browsers with weak ciphers will be disallowed.
0
Comment
Question by:biggiesmallzz
2 Comments
 
LVL 2

Accepted Solution

by:
bggauth earned 375 total points
ID: 20009445
Hi,

If you are positive they are enabled on your system, you would probably need to use the QSOMAINT API assuming you are at V5R3 or V5R4?
You can use this to determine what the current attributes for System SSL are for supported protocols and cipher suites
CALL QSYS/QSOMAINT PARM(35 1)

This will generate a spooled file called QPCSMPRT.
It will show you what is enabled or disabled
SSL VERSION 2.0: DISABLED
SSL VERSION 3.0: ENABLED
TLS VERSION 1.0: ENABLED

If you have weka ciphes, you should see something like this:
THE DEFAULT CIPHERS IN EFFECT ARE LISTED HERE IN ORDER:  
-------------------------------------------------------  
SSL_RSA_WITH_RC4_128_MD5                                  
SSL_RSA_WITH_RC4_128_SHA                                  
TLS_RSA_WITH_AES_128_CBC_SHA                              
TLS_RSA_WITH_AES_256_CBC_SHA                              
SSL_RSA_WITH_3DES_EDE_CBC_SHA                            
SSL_RSA_WITH_DES_CBC_SHA                                  
SSL_RSA_EXPORT_WITH_RC4_40_MD5                            
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5                        
.                                                        
THESE CIPHERS ARE SUPPORTED, BUT NOT IN THE DEFAULT LIST:
---------------------------------------------------------
SSL_RSA_WITH_NULL_MD5                                    
SSL_RSA_WITH_NULL_SHA                                    
****** END OF DUMP ******                                

If you are at a release below V5R3, I suggest you get an SOW created and contact IBM to work on a solution.

Barry G.
0
 

Expert Comment

by:dudetest1
ID: 22822102
I had the same issue, I just want to disable SSLVersion 2.0 in my ISeries. The program QSYS/QSOMAINT just show a report with the SSL versions and all Ciphers, but how can I disable SSLv2?
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Often we come across situations wherein our batch files would be needing to reboot Windows for a variety of reasons. A few of them would be like: (1) Setup files have been updated whose changes can take effect only after a reboot …
Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question