Technote (FAQ)
Question
How to disable the low level encryption along with the use of SSL v2.0 for ITM components?
Answer
To disable the security vulnerability in OpenSSL version 2, follow the below technote:
http://www-01.ibm.com/support/docview.wss?uid=swg21315078
To disable the low level encryption, add the below variable in monitoring server (TEMS), TEPS or agent server and enable a specific cypher
for example, to strengthen the RSA (256)and DES encryption add the below variable in the ITM components configuration file
Windows : GSK_V3_CIPHER_SPECS=350A
UNIX/Linux : GSK_V3_CIPHER_SPECS='350A'
The strings "35" and "0A" is described here in the GSKit documentation.
01 = NULL MD5
02 = NULL SHA
03 = RC4 MD5 EXPORT
04 = RC4 MD5 US
05 = RC4 SHA US
06 = RC2 MD5 EXPORT
09 = DES SHA EXPORT
0A = Triple DES SHA US
2F = TLS_RSA_WITH_AES_128_CBC_SHA
35 = TLS_RSA_WITH_AES_256_CBC_SHA
NULL = Default cipher specs are used (may change in future)
For AC3 = '04052F350A090306'
For AC2 = '090306' (AC2 is supported but no longer shipped)
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.