Flashes (Alerts)
Abstract
IBM WebSphere Application Server Traditional and Liberty Profile are not affected by the DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability.
Content
IBM WebSphere Application Server Traditional and Liberty Profile are not affected by the DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. (CVE-2016-0800)
This vulnerability does NOT affect the SSL that is used by IBM WebSphere Application Server. The Server does not support the use of SSLv2.
As a reminder SSLv3 has also been removed for the IBM WebSphere Application Server http://www-01.ibm.com/support/docview.wss?uid=swg21687173
For information regarding the IBM HTTP Server - please refer to this flash: http://www-01.ibm.com/support/docview.wss?uid=swg21978317
IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty Profile do not support SSLv2. IBM highly recommends against using SSLv2 or SSLv3 in any other hardware or software offerings as these old versions are no longer suitable to be used given the inherited weakness of these protocols.
Change History:
03 March 2016: original document published
04 March 2016: added link to IHS flash
Was this topic helpful?
Document Information
Modified date:
25 September 2022
UID
swg21978292