  MQSeries.net
Usermod for ICSF or MQV7.0.1 for SSL cipherspec disabling ?
ctefehinoz
Posted: Thu Jul 02, 2015 10:40 pm    Post subject: Usermod for ICSF or MQV7.0.1 for SSL cipherspec disabling ?

Apprentice

Joined: 27 Oct 2003
Posts: 29
Location: Australia

Peeps,
Just asking the question. I know that I can limit CHL cipherspecs to use TLS, but trying to determine whether I can disable selection of the rated weak ones? PCI compliance issue I am trying to find information for.

TIA
Ctefehinoz
ctefehinoz
Posted: Thu Aug 20, 2015 7:04 pm    Post subject: Hmmm

Apprentice

Joined: 27 Oct 2003
Posts: 29
Location: Australia

Deafening silence but a lot of views. I have asked the question of IBM via a PMR so I'll see what they recommend.
mqjeff
Posted: Fri Aug 21, 2015 4:28 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

I had thought that specifying cipherspecs only allowed those particular cipherspecs, and not others?

Particularly, specifying TLS does not allow SSLv3.
_________________
chmod -R ugo-wx /
bruce2359
Posted: Fri Aug 21, 2015 4:37 am

Poobah

Joined: 05 Jan 2008
Posts: 9394
Location: US: west coast, almost. Otherwise, enroute.

The spec selected is the one preferred. The handshake negotiates down to the highest spec that both ends can implement.

This is a well-documented hack and fundamental design flaw that enables one end or the other to reduce encryption/hashing to the least secure.

What is needed is a way to indicate that the spec selected is the lowest that one end will tolerate, and not the one preferred.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
bruce2359
Posted: Fri Aug 21, 2015 5:05 am

Poobah

Joined: 05 Jan 2008
Posts: 9394
Location: US: west coast, almost. Otherwise, enroute.

Moved to Security forum
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.