A fix is available
APAR status
Closed as unreproducible in next release.
Error description
Remove RC4 cipher suites due to security issues.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users using openssl RC4 cipher suites. * **************************************************************** * PROBLEM DESCRIPTION: SSL, TLS and DTLS Plaintext Recovery * * Attack (CVE-2013-0169). * **************************************************************** * RECOMMENDATION: * **************************************************************** RC4 cipher suites are removed. Therefore the vulnerability described in CVE-2013-0169 does no longer exist.
Problem conclusion
Temporary fix
Do not use RC4-based SSL cipher suites.
Comments
Apply PTF.
APAR Information
APAR number
DY47472
Reported component name
Z/VSE CRYPTOSER
Reported component ID
5686CF917
Reported release
51S
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2013-06-12
Closed date
2013-06-25
Last modified date
2013-07-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UD53952
Modules/Macros
APPS CALLC D1LIB ERC4 EVPTEST IJBSLGSK NPKEY OSSLCONF PVKFMT SPEED SSLALGS S3ENC T1ENC
Fix information
Fixed component name
Z/VSE CRYPTOSER
Fixed component ID
5686CF917
Applicable component levels
R51S PSY UD53952
UP13/07/03 I 1000
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG32M","label":"APARs - VSE\/ESA environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"51S","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
11 December 2020