IBM Support

7.1.1-TIV-TDI-LA0023

Download


Abstract

This Limited Availability Interim Fix contains fix for the SSLv3 CVE-2014-3566 POODLE Vulnerability.

Download Description


+-----------------------------------------------------+
Interim Fix 7.1.1-TIV-TDI-LA0023 README
Tivoli Directory Integrator 7.1.1
LA Interim Fix 23
(All platforms)
Date: Nov 2014
+-----------------------------------------------------+

COPYRIGHT STATEMENT
====================
Nov 2014

References in this publication to IBM products, programs, or services do
not imply that IBM intends to make these available in all countries in
which IBM operates. Any reference to an IBM program product in this
publication is not intended to state or imply that only IBM's program
product may be used. Any functionally equivalent program may be used
instead.

IBM is a trademark of the International Business Machines Corporation.

Copyright International Business Machines Corporation 2014. All rights
Reserved.

Fix For
========

APAR - NA
PMR - NA


General Description:
====================
This Limited Availability Interim Fix contains fix for the SSLv3 CVE-2014-3566 POODLE Vulnerability.

Details:
========
CVE-ID: CVE-2014-3566

DESCRIPTION: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.
This vulnerability could allow a man-in-the-middle attacker to access the plain text of network traffic encrypted using SSLv3.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Prerequisites:
==============
Tivoli Directory Integrator v7.1.1 FP4 should be installed.

Platforms:
==========
All supported Platforms

Applying the Fix:
=================

- Shutdown TDI.
- Download the fix package to a temporary directory. The LA contains miserver.jar, diserverapirmi.jar and HTTPClientConnector.jar.
- Backup the older <TDI_Install_Dir>\jars\common\miserver.jar, TDI Install dir\jars\common\diserverapirmi.jar and <TDI_Install_Dir>\jars\connectors\HTTPClientConnector.jar from the TDI installed system. For this, rename the older files by changing its extension (Change extension to something other than .jar, .zip).
- Replace the existing miserver.jar, diserverapirmi.jar and HTTPClientConnector.jar files which were backed up earlier with the fix files.

- In the solution.properties add the following new property

## ----------------------------------
## Protocols to use for SSL
## ----------------------------------
com.ibm.di.SSLProtocols=TLSv1, TLSv1.1,TLSv1.2

- Restart TDI.

AMC/LWI Related changes.
==================
- Stop the application server. The stop_tdiamc.bat is present in the TDI_Install_Dir/bin/amc directory.
- Add or Modify below property in <TDI_Install_Dir>/lwi/conf/webcontainer.properties

com.ibm.ssl.protocol.13101=TLS

- This will force LWI to use TLS protocol instead of SSLv3 protocol.
- Start the application server.


Confirming the Fix has been applied successfully:
=================================================
Problem should be resolved.

md5sum of Files Included in this Fix:
=====================================
259ddc4fd7be63bda2390f282e3a3bc7 miserver.jar
09462dcd22d8c5380c877c1cf8370d35 diserverapirmi.jar
a8b0135fdbd98614de1ff72fae0632d3 HTTPClientConnector.jar

Prerequisites

Tivoli Directory Integrator v7.1.1 Fix Pack 4 should be installed.

Installation Instructions

Refer to 7.1.1-TIV-TDI-LA0023-README.txt for details

On
[{"DNLabel":"7.1.1-TIV-TDI-LA0023","DNDate":"12 Nov 2014","DNLang":"English","DNSize":"1164509","DNPlat":{"label":"All Platforms","code":""},"DNURL":"http://www.ibm.com/eserver/support/fixes/fixcentral/swg/selectfixes","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSCQGF","label":"Tivoli Directory Integrator"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.1","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

TDI ITDI IDI SDI

Document Information

Modified date:
15 June 2018

UID

swg24038821