IBM Support

IT07236: CVE-2014-3566 POODLE ATTACK RESOLUTION FOR TAM/ISAM

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • TAM/ISAM SSL/TLS clients and servers with enabled SSL 3.0
    support might be exploited to downgrade connections to SSL 3.0,
    even if both sides of connection support higher protocols. SSL
    3.0 might demonstrate weaknesses including POODLE
    (CVE-2014-3566).
    

Local fix

Problem summary

  • Support for the TLS_FALLBACK_SCSV cipher suite to prevent
    protocol downgrading attacks when the peer also supports
    TLS_FALLBACK_SCSV fallback protection.  Note that the client
    also needs to support if it tries to connect using a lower
    protocol version.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT07236

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-02-23

  • Closed date

    2015-03-16

  • Last modified date

    2015-03-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R600 PSY

       UP

  • R601 PSY

       UP

  • R700 PSY

       UP

  • R710 PSY

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 5.0.0

Reference #: IT07236

Modified date: 17 March 2015