A fix is available
APAR status
Closed as program error.
Error description
Communications Server for Windows, v6.4 and v6.1.3 -------------------------------------------------- Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
Local fix
Problem summary
Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
Problem conclusion
The TN3270 Server code has been modified to disable the SSLv3 protocol. TLS 1.0 remains available to be used for secure, encrypted TN3270 connections. Clients that do not support the TLS protocol will be unable to connect.
Temporary fix
Comments
APAR Information
APAR number
JR51581
Reported component name
COMM SERV NT 6.
Reported component ID
5639F2503
Reported release
640
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-10-23
Closed date
2014-11-04
Last modified date
2014-11-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
COMM SERV NT 6.
Fixed component ID
5639F2503
Applicable component levels
R640 PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSHQNF","label":"Communications Server for Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
16 October 2021