IBM Support

IV54021: PCONSOLE USES LWI 8.1.0.3 CIPHERS, NO LONGER CONSIDERED SECURE APPLIES TO AIX 6100-09

A fix is available

APAR status

  • Closed as program error.

Error description

  • The original issue is that the IBM Systems Director agent
    reports errors on the security scan.
    
    The customer got the following security exceptions:
    
    5336/tcp/www: SSL Enabled Server Supports Medium Strength SSL Encryption Certificates/Cipher
    5336/tcp/www: SSL Enabled Server Supports Weak SSL Encryption Certificates/Cipher
    5336/tcp/www: IETF X.509 Certificate Signature Collision Vulnerability
    
    Further investigation shows that:
    
    1. Port 5336 is open only on the AIX platform and is used by
       pconsole.
    2. Another port, 8422, which uses the same keystore as 5336,
       has strong cipher suites enabled, and no security exception
       was thrown against this port.
    3. The solution for the port 5336 security issue is to enable
       strong cipher suites for this port as well.
    
    Port 5536 was using the default ciphers provided by LWI
    8.1.0.3. This needs to be changed through the LWI and pconsole
    configurations.
    

Local fix

  • N/A
    

Problem summary

  • pconsole was using ciphers that are no longer considered
    secure.
    

Problem conclusion

  • Changes were made in the LWI CF framework to enable strong ciphers.
    

Temporary fix

Comments

  • 6100-07 - use AIX APAR IV50606
    6100-08 - use AIX APAR IV57896
    6100-09 - use AIX APAR IV54021
    7100-01 - use AIX APAR IV57593
    7100-02 - use AIX APAR IV57071
    7100-03 - use AIX APAR IV54148
    7100-04 - use AIX APAR IV54232
    

APAR Information

  • APAR number

    IV54021

  • Reported component name

    AIX 610 STD EDI

  • Reported component ID

    5765G6200

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2014-01-14

  • Closed date

    2014-01-14

  • Last modified date

    2016-05-10

  • APAR is sysrouted FROM one or more of the following:

    IV50606

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX 610 STD EDI

  • Fixed component ID

    5765G6200

Applicable component levels

  • R610 PSY U861152

       UP14/10/28 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Standard Edition

Software version: 610

Operating system(s): AIX

Reference #: IV54021

Modified date: 10 May 2016