PM80235: SP800-131 SUPPORT FOR IBM HTTP SERVER

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • This feature adds support for ECDHE-RSA and ECDHE-DSA support
    to IBM HTTP Server, including TLSv1.2 support for IBM HTTP
    Server on z/OS.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Users of IBM HTTP Server who want to use    *
    *                  Elliptic Curve Cryptography (ECC) ciphers   *
    *                  for                                         *
    *                  SSL.                                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: IHS only supports ciphers that use RSA  *
    *                      key establishment and RSA signatures.   *
    ****************************************************************
    * RECOMMENDATION:  Apply the fix if your environment requires  *
    *                  Elliptic Curve Cryptography (ECC).          *
    ****************************************************************
    Ciphers using ECC key agreement and/or ECC signatures are
    possible in TLSv1.2 but not supported by IBM HTTP Server. See
    RFC 5246 for a full description of TLS1.2 ciphers, added
    ciphers are of the type ECDHE_ECDSA and ECDHE_RSA in terms of
    the RFC.
    

Problem conclusion

  • Support for ECDHE-ECDSA and ECDHE-RSA ciphers have been added
    to IHS. ECDHE-RSA ciphers can be used without changing
    certificates, but ECDHE-ECDSA  require special certificates
    with an ECC key.
    
    See
    http://publib.boulder.ibm.com/httpserv/manual70/mod/mod_ibm_ssl.
    html for full details.
    
    This fix is targeted for IBM HTTP Server fix packs:
     - 8.0.0.6
     - 8.5.0.2
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM80235

  • Reported component name

    IBM HTTP SERVER

  • Reported component ID

    5724J0801

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-01-09

  • Closed date

    2013-01-11

  • Last modified date

    2013-01-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM HTTP SERVER

  • Fixed component ID

    5724J0801

Applicable component levels

  • R800 PSY

       UP

  • R850 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

IBM HTTP Server
Runtime

Software version:

8.5

Reference #:

PM80235

Modified date:

2013-01-11

Translate my page

Machine Translation

Content navigation