IBM Mobile Connect POODLE Fix

Bill Malchisky  November 3 2014 02:45:00 AM

IBM just announced a couple of Technotes dealing with IBM Mobile Connect and POODLE. As this product is quite secure by design and a product that I enjoy as customers have a great track record with it in the field, the option to use TLS 1.0 - 1.2 is supported. The new SSL v3 security changes are implemented under APAR IV66131 -- available for IMC 6.1.5 and 6.1.5.1. Thus, if you have not upgraded IMC in the past ten days, then read below and plan your upgrade as appropriate.


Here Are The Technotes
How is IBM Mobile Connect impacted by the POODLE attack?
Configure IBM Mobile Connect to disable SSL V3 ciphers - this includes detailed particulars on the new SSL v3 command set to toggle the feature
APAR Fix List - APAR IV66131 addresses the implementation of these fixes, which disables SSL v3 by default, and commands to toggle this feature for internal or external connections; build date 22 Oct 2014
IBM Mobile Connect Maintenance Releases
Additional documentation for IMC 6.1.5 or upgrading IMC 6.1.4 to 6.1.5 is located here


Notations
1. To view your current IMC version, type: #lswg -V | more  --or-- use the Gatekeeper -> About Tab -> Connection Manager properties
2. These APAR fixes are for Connection Manager only and omit the Gatekeeper and Mobility Client in the current code stream, by design

• Comments [0]