Disabling low level encryption along with SSL v2.0
How to disable the low level encryption along with the use of SSL v2.0 for ITM components?
To disable the security vulnerability in OpenSSL version 2, follow the below technote:
To disable the low level encryption, add the below variable in monitoring server (TEMS), TEPS or agent server and enable a specific cypher
for example, to strengthen the RSA (256)and DES encryption add the below variable in the ITM components configuration file
Windows : GSK_V3_CIPHER_SPECS=350A
UNIX/Linux : GSK_V3_CIPHER_SPECS='350A'
The strings "35" and "0A" is described here in the GSKit documentation.
01 = NULL MD5
02 = NULL SHA
03 = RC4 MD5 EXPORT
04 = RC4 MD5 US
05 = RC4 SHA US
06 = RC2 MD5 EXPORT
09 = DES SHA EXPORT
0A = Triple DES SHA US
2F = TLS_RSA_WITH_AES_128_CBC_SHA
35 = TLS_RSA_WITH_AES_256_CBC_SHA
NULL = Default cipher specs are used (may change in future)
For AC3 = '04052F350A090306'
For AC2 = '090306' (AC2 is supported but no longer shipped)
More support for:
ITM Tivoli Enterprise Mgmt Server V6
Software version: All Versions
Operating system(s): AIX, Linux, Windows
Software edition: All Editions
Reference #: 1421756
Modified date: 24 March 2011