[closed] SSL/TLS -- How to properly mitigate SSLv3 vulnerability ?
Hi,
Have a big crowd of CLM applications all running WebSphere 8.5.5.2. Just got a *high* profile notice about "POODLE" SSLv3. I know I could switch to TLS under the Quality of Protection in each and every WebSphere profile, but based on https://jazz.net/forum/questions/96722/why-are-data-warehouse-jobs-failing-with-peer-not-authenticated are the DW jobs in particular going to be affected ? That post noted that Protocol under QoP was SSL and was changed to SSL_TLS.
TIA
Kevin
Have a big crowd of CLM applications all running WebSphere 8.5.5.2. Just got a *high* profile notice about "POODLE" SSLv3. I know I could switch to TLS under the Quality of Protection in each and every WebSphere profile, but based on https://jazz.net/forum/questions/96722/why-are-data-warehouse-jobs-failing-with-peer-not-authenticated are the DW jobs in particular going to be affected ? That post noted that Protocol under QoP was SSL and was changed to SSL_TLS.
TIA
Kevin
The question has been closed for the following reason: "Self discovery" by yzwkzfn Oct 20 '14, 9:58 a.m.
Comments
Donald Nong
Oct 17 '14, 12:17 a.m.Starting from CLM 4.0.5 or 4.0.6, the bundled Tomcat server uses SSL_TLS for SSL connections by default. If the DW jobs cannot handle SSL_TLS, they would fail in such default configurations. So I believe they handle SSL_TLS just fine.
Kevin Ramer
Oct 17 '14, 8:29 a.m.My referenced post said the setting was changed from SSL to SSL_TLS, my question now is SSL_TLS to TLS.
I have tried this in a non-production websphere (an RRDI) and the application seems to function, i.e. in a CLM application I can jump over to RRDI and the security info shows the TLS high-grade.
Kevin Ramer
Oct 20 '14, 9:57 a.m.Solution: change SSL_TLS to TLS in
Security / SSL Certificate and key management / SSL Configurations / NodeDefault / QoP