SSLv3 protocol has been disabled for System SSL
The Secure Sockets Layer version 3.0 protocol (SSLv3) is now disabled
by default for System SSL. System SSL is the IBM® i Licensed Internal Code (LIC) implementation
of SSL functionality. It is tightly coupled with the operating system
and the sockets code specifically providing extra performance and
security. System SSL is available to application developers via
two different programming interfaces and one JSSE implementation:
- Global Secure Toolkit (GSKit) APIs
- ILE C APIs accessible from other ILE languages
- Native i5/OS SSL_ APIs
- ILE C APIs accessible from other ILE languages
- This API set is not recommended, use GSKit
- Integrated IBM i JSSE implementation
- The IBM i JSSE implementation is available for JDK 1.6, JDK 7, and JDK 8.
SSL applications created by IBM, IBM business partners, independent software vendors (ISV), or customers that use one of these three interfaces to System SSL will be affected. FTP and Telnet are examples of IBM applications that use System SSL.
SSLv3 can be re-enabled by changing the QSSLPCL system value. See the SSL topic in the IBM Knowledge Center for additional information. After re-enabling SSLv3, you can make SSLv3 a default protocol again using System Service Tools (SST) Advanced Analysis Command SSLCONFIG. For additional information see the help text for SSLCONFIG.