IBM Support

Disabling the MD5 algorithm for IBM Java used by SiteProtector

Question & Answer


Question

How do you disable the MD5 algorithm for IBM Java used by SiteProtector?

Cause

MD5 is considered a less secure algorithm and is associated with a Java vulnerability on compatible-mode installs (CVE-2015-7575). Therefore, the MD5 algorithm should be disabled.

Answer

Follow the steps below to disable the MD5 algorithm within IBM Java on SiteProtector 3.1.1 and SiteProtector 3.0.0. The steps should be performed on each server with SiteProtector components (including SiteProtector Consoles).
  1. Close the SiteProtector Console.
  2. Stop the following services if they are present on the server:
    SiteProtector Event Viewer Service (SiteProtector 3.0.0 only)
    SiteProtector Application Server Service
    SiteProtector Sensor Controller Service
  3. Edit the java.security file under the SiteProtector JRE directories, such as:
    \Program Files\ISS\SiteProtector\JRE1.7.0_SRX_FPXX\lib\security\java.security
  4. Add MD5 to the end of the line that starts with:
    jdk.certpath.disabledAlgorithms=
    For example, replace:
    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
    with:
    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, MD5
  5. Add MD5withRSA to the end of the line that starts with:
    jdk.tls.disabledAlgorithms=
    For example, replace:
    jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
    with:
    jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768, MD5withRSA
  6. After saving the changes, restart the following services if they are present on the server:
    SiteProtector Event Viewer Service (SiteProtector 3.0.0 only)
    SiteProtector Application Server Service
    SiteProtector Sensor Controller Service
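
One way to confirm the edits from steps 4 and 5 on each server, as an added PowerShell example (not IBM's code). The function names are hypothetical and the sample java.security content is constructed.

```powershell
# Added example: read-only audit, does not modify java.security.
function Get-DisabledAlgorithms {
    param([string[]]$Lines, [string]$Property)
    $value = $null
    $buffer = ''
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if (-not $buffer -and ($text -eq '' -or $text.StartsWith('#'))) { continue }
        # A trailing backslash continues the property on the next line.
        if ($text.EndsWith('\')) { $buffer += $text.TrimEnd('\'); continue }
        $name, $rest = ($buffer + $text) -split '=', 2
        $buffer = ''
        # Property names are case-sensitive; a later definition overrides an earlier one.
        if ($name.Trim() -ceq $Property) { $value = $rest }
    }
    if ($null -eq $value) { return $null }
    # Split into whole entries so "MD5withRSA" is never mistaken for "MD5".
    return @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Test-Md5Disabled {
    param([string[]]$Lines)
    # Property -> entry that the steps above add to it.
    $required = [ordered]@{
        'jdk.certpath.disabledAlgorithms' = 'MD5'
        'jdk.tls.disabledAlgorithms'      = 'MD5withRSA'
    }
    foreach ($prop in $required.Keys) {
        $algs = Get-DisabledAlgorithms -Lines $Lines -Property $prop
        [pscustomobject]@{
            Property = $prop
            Required = $required[$prop]
            Present  = ($algs -contains $required[$prop])
        }
    }
}

# Constructed sample: certpath line edited, tls line (continued with "\") not yet edited.
$sample = @'
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, MD5
jdk.tls.disabledAlgorithms=SSLv3, RC4, \
    DH keySize < 768
'@ -split "`r?`n"
Test-Md5Disabled -Lines $sample | Format-Table -AutoSize

# Real installs (drive letter C: is an assumption; path pattern is from step 3):
# Get-ChildItem 'C:\Program Files\ISS\SiteProtector\JRE*\lib\security\java.security' |
#     ForEach-Object { Test-Md5Disabled -Lines (Get-Content $_.FullName) }
```

A row with Present = False marks a property in that file that still needs the edit.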


Document Information

Modified date:
22 January 2021

UID

swg21976152