How To
Summary
The vulnerability by plugin 42873 SSL Medium Strength Cipher Suites Supported (SWEET32) is an attack on 64-bit block ciphers in TLS or SSL ciphers that offer medium strength encryption, which regard as those with key lengths at least 56 bits and less than 112 bits.
The SWEET32 vulnerability could allow an attacker to obtain sensitive information.
This vulnerability is inherited by JazzSM DASH from WebSphere Application Server.
This does not occur on WebSphere Application Server from 8.5.5.12 or later.
More information from CVEID: CVE-2016-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
Objective
This technote provides the steps of the workaround for JazzSM DASH that are installed with lower versions of WebSphere Application Server 8.5.5.12. The workaround is to enable TLSv1.2.
Steps
The following are the steps to enable TLSv1.2 in DASH SSL protocol.
(1) Log in to DASH, type the following URL: https://<host>:<port>/ibm/console/logon.jsp where <host>is the host name of the DASH server and <port> is the port number. The default port is 16311
(2) Click Console Settings > WebSphere Administrative Console.
(3) Click Launch WebSphere Administrative Console.
(4) Click Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings > Quality of protection (QoP) settings.
(5) In the Protocol field, select TLSv1.2.
(6) Click Apply.
(7) Click Save.
(8) Edit the /opt/IBM/JazzSM/profile/properties/ssl.client.props file
(9) Update the value of the com.ibm.ssl.protocol field to TLSv1.2.
For example:
com.ibm.ssl.protocol=TLSv1.2
(10) Restart server.
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEKCU","label":"Jazz for Service Management"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"1.1.3.0;1.1.3.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
22 November 2019
UID
ibm11111005