IBM Connections – SSLv3 / Poodle Fix

IBM Connections / SSLv3 – Poodle Fix

IBM released SDK Fixes in order to be able to disable SSLv3 on HTTPServers (that are used for IBM Connections interservice communication).

As you might remember it was not possible to just disable SSLv3 on the HTTPServer – this led to a malfunction of IBM Connections as the interservice communication did not work anymore. The apache HTTP client did not support TLS so that the communication failed.
You can read more about the reasons in Sjaak Ursinus great post

Last week IBM released SDK fixes to get rid of these problems.

You can download the fixes here (you need to be on IC5 CR1, IC4.5 CR5 or IC4 CR4) and the newest supported WAS Fix packs.

The installation is simple:

1) Download the WAS iFix and install it using IM (Do this on ALL WAS servers in the Cell)
2) disable SSLv3 in httpd.conf (look into the 443 virtual host and add “SSLv3” to the SSLProtocolDisable property)

SSLv3_1

 

 

 

 

3) disable SSLv3 also on all other involved HTTP Servers (e.g. load balancers, reverse proxies …)
4) Start HTTP Server5) Start IBM Connections

That`s it. Feels much better to have this solved πŸ˜‰

Leave a Reply

Your email address will not be published. Required fields are marked *