APAR status
Closed as program error.
Error description
Remove TLSv10 and TLSv11 from IHS defaults
Local fix
Problem summary
USERS AFFECTED: All users of IBM HTTP Server
PROBLEM DESCRIPTION: TLSv10 and TLSv11 are enabled by default when specifying "SSLEnable"
RECOMMENDATION:

Prior to this APAR, configuring SSL with "SSLEnable" enabled TLSv10 and TLSv11 in addition to other protocols. Many IT security scanners now flag systems that support or tolerate TLSv10 and TLSv11.
Problem conclusion
TLSv10 and TLSv11 were removed from the defaults. If a client attempts to use TLSv11 under the new defaults, the IHS error_log will contain a message similar to the following:

    SSL0222W: SSL Handshake Failed, No ciphers specified (no shared ciphers or no shared protocols). Client requested disabled protocol 'TLSv11'.

Either protocol can be re-enabled with the directive "SSLProtocolEnable". This directive can be added immediately after each occurrence of "SSLEnable" in httpd.conf:

    <virtualHost *:443>
    ServerName www.example.com
    SSLEnable
    # Added after PH36870 to allow older protocols
    SSLProtocolEnable TLSv10 TLSv11
    </virtualHost>

The fix for this APAR is targeted for inclusion in IBM HTTP Server fix packs 8.5.5.20 and 9.0.5.9. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
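An added example (not part of the APAR and not IBM code): a Python check that lists every "SSLProtocolEnable" line in an httpd.conf that turns TLSv10 or TLSv11 back on, so re-enabled legacy protocols can be reviewed after the fix pack is applied. The sample configuration, its host names and ports are constructed; the script assumes a single file with no Include handling and matches protocol names case-insensitively.

```python
import re

LEGACY = {"tlsv10", "tlsv11"}  # protocols removed from the defaults by this APAR

# Constructed sample httpd.conf; host names and ports are made up.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.example.com
    SSLEnable
    # Added after PH36870 to allow older protocols
    SSLProtocolEnable TLSv10 TLSv11
</VirtualHost>
<virtualhost *:8443>
    ServerName api.example.com
    SSLEnable
    # SSLProtocolEnable TLSv11
</virtualhost>
<VirtualHost *:9443>
    ServerName old.example.com
    SSLEnable
    sslprotocolenable TLSv11
</VirtualHost>
"""

def find_legacy_reenabled(conf_text):
    """Return (scope, line_no, protocols) for each SSLProtocolEnable that turns TLSv10/TLSv11 back on."""
    findings = []
    scope = "global"  # directives outside any <VirtualHost> block
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives have no effect
        opened = re.match(r"<virtualhost\s+([^>]+)>", line, re.I)
        if opened:
            scope = opened.group(1).strip()
        elif re.match(r"</virtualhost\s*>", line, re.I):
            scope = "global"
        else:
            parts = line.split()
            # Directive names are case-insensitive in httpd.conf.
            if parts[0].lower() == "sslprotocolenable":
                hits = [p for p in parts[1:] if p.lower() in LEGACY]
                if hits:
                    findings.append((scope, line_no, hits))
    return findings

if __name__ == "__main__":
    for scope, line_no, protos in find_legacy_reenabled(SAMPLE_CONF):
        print(f"line {line_no}: {scope} re-enables {', '.join(protos)}")
```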
Temporary fix
Comments
APAR Information
APAR number
PH36870
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-05-03
Closed date
2021-06-28
Last modified date
2021-09-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
Document Information
Modified date:
09 September 2021