IBM Support

IT30248: HOD: HOST ON-DEMAND DOES NOT CONNECT HIGHER STRENGTH CIPHER WITH IBM JRE BY DEFAULT

Fixes are available

IBM Host On-Demand 14.0.2
IBM Host On-Demand 13.0.4
IBM Host On-Demand 12.0.6

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The IBM 32-bit Java JRE (8.0.5.30) that comes with HOD V14 does
not connect TLS v1.2 sessions at AES_256 by default.
HOD TLS v1.2 sessions only connect at AES_128.
If Oracle Java 8 Update 211 is installed on the workstation,
HOD TLS v1.2 sessions connect at AES_256 by default.
Oracle Java 8 made this change to use Java Cryptography
Extension (JCE) Unlimited Strength by default, since their Java
8 Update 151.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* Host On-Demand secure connection users                       *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Secure host does not connect on stronger cipher suites.      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
IBM JRE does not use the Unlimited Strength JCE by default. 3270
hosts and 5250 hosts do not connect with 256 bit cipher suites
using IBM JRE.

    



Problem conclusion


    

  • Code changes have been made to address this issue.

Fix included in Host On-Demand Refresh Packs for 12.0.6, 13.0.4
and 14.0.2

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT30248
    • 

  • Reported component name
    HOD
    • 

  • Reported component ID
    5733A5901
    • 

  • Reported release
    E00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-09-11
    • 

  • Closed date
    2021-05-26
    • 

  • Last modified date
    2021-05-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • HOD

    



Fix information


    

  • Fixed component name
    HOD
    • 

  • Fixed component ID
    5733A5901
    • 



Applicable component levels


    

  • RC00  PSY
       UP
    • 

  • RD00  PSY
       UP
    • 

  • RE00  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSS9FA","label":"IBM Host On-Demand"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"E00","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            24 November 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback