Disabling low level encryption along with SSL v2.0

Technote (FAQ)


Question

How to disable the low level encryption along with the use of SSL v2.0 for ITM components?

Answer

To disable the security vulnerability in OpenSSL version 2, follow the below technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21315078

To disable the low level encryption, add the below variable in monitoring server (TEMS), TEPS or agent server and enable a specific cypher

for example, to strengthen the RSA (256)and DES encryption add the below variable in the ITM components configuration file

Windows : GSK_V3_CIPHER_SPECS=350A
UNIX/Linux : GSK_V3_CIPHER_SPECS='350A'

The strings "35" and "0A" is described here in the GSKit documentation.

01 = NULL MD5
02 = NULL SHA
03 = RC4 MD5 EXPORT
04 = RC4 MD5 US
05 = RC4 SHA US
06 = RC2 MD5 EXPORT
09 = DES SHA EXPORT
0A = Triple DES SHA US
2F = TLS_RSA_WITH_AES_128_CBC_SHA
35 = TLS_RSA_WITH_AES_256_CBC_SHA
NULL = Default cipher specs are used (may change in future)
For AC3 = '04052F350A090306'
For AC2 = '090306' (AC2 is supported but no longer shipped)


Rate this page:

(0 users)Average rating

Document information


More support for:

Tivoli Components
ITM Tivoli Enterprise Mgmt Server V6

Software version:

6.2.1, 6.2.2, 6.2.3

Operating system(s):

AIX, Linux, Windows

Software edition:

All Editions

Reference #:

1421756

Modified date:

2011-03-24

Translate my page

Machine Translation

Content navigation