IBM Support

IV57071: PCONSOLE USES LWI 8.1.0.3 CIPHERS, NO LONGER CONSIDERED SECURE APPLIES TO AIX 7100-02

A fix is available

APAR status

  • Closed as program error.

Error description

  • The original issue is that the IBM Systems Director agent is
    reporting errors on the security scan.
    
    The customer got the following security exceptions:
    
    5336/tcp/www: SSL Enabled Server Supports Medium Strength SSL Encryption Certificates/Cipher
    5336/tcp/www: SSL Enabled Server Supports Weak SSL Encryption Certificates/Cipher
    5336/tcp/www: IETF X.509 Certificate Signature Collision Vulnerability
    
    Further investigation shows that:
    
    1. Port 5336 is open only on the AIX platform and is used by
       pconsole.
    2. Another port, 8422, which uses the same keystore as 5336,
       has strong cipher suites enabled, and no security exception
       was thrown against this port.
    3. The solution for the port 5336 security issue is to enable
       strong cipher suites for this port as well.
    
    Port 5536 was using the default ciphers provided by LWI
    8.1.0.3.
    This needs to be changed in the LWI and pconsole
    configurations.
    

Local fix

  • N/A
    

Problem summary

  • pconsole was using ciphers that are no longer considered
    secure.
    

Problem conclusion

  • Changes were made in the LWI CF framework to enable strong ciphers.
    

Temporary fix

Comments

  • 6100-07 - use AIX APAR IV50606
    6100-08 - use AIX APAR IV57896
    6100-09 - use AIX APAR IV54021
    7100-01 - use AIX APAR IV57593
    7100-02 - use AIX APAR IV57071
    7100-03 - use AIX APAR IV54148
    7100-04 - use AIX APAR IV54232
    

APAR Information

  • APAR number

    IV57071

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2014-03-20

  • Closed date

    2014-03-20

  • Last modified date

    2016-05-10

  • APAR is sysrouted FROM one or more of the following:

    IV50606

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U862286

       UP14/08/12 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 710

Operating system(s): AIX

Reference #: IV57071

Modified date: 10 May 2016