IBM Integration Bus, Version 10.0.0.0 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Migrating a flow that uses SSLv3

All message flows that use SSLv3 should be updated to use TLS.

About this task

SSLv3 is disabled by default in IBM® Integration Bus Version 10.0, because SSLv3 is no longer considered secure due to the POODLE vulnerability (see http://www.ibm.com/support/docview.wss?uid=swg21687678).

Flows that attempt to use SSLv3 report connection failures. For example:
  • BIP3544E: Failed to create an SSL connection to the remote host. Reason 'java.security.NoSuchAlgorithmException: SSLv3 SSLContext not available'.
  • BIP3135S: An exception occurred while starting the servlet engine connector. Exception text is HTTP Listener org.apache.catalina.LifecycleException: Failed to start component.

For each integration server that hosts message flows that use SSLv3, complete one of the following steps:
  • Update the message flows to use TLS.
    Note: You must update both sides of any communication to use TLS:
    • For any inbound communication to IBM Integration Bus, the sending application must also be updated.
    • For any outbound communication from IBM Integration Bus, the receiving application must also be updated.
  • If it is not possible to use TLS, re-enable SSLv3 on the integration server by running the following command:
    mqsichangeproperties Int_Node -e Int_Server -o ComIbmJVMManager -n allowSSLv3 -v true
    where Int_Node is the name of the integration node and Int_Server is the name of the integration server.
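
The following added example (not part of the IBM documentation) shows one way to triage a log for the two messages quoted above, separating BIP3544E entries whose reason names SSLv3 from BIP3544E entries with other reasons. It assumes a plain-text log with one message per line; the function names and the timestamp and node.server prefix in the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Assumption: plain-text log, one message per line.

# write_sample_log FILE: constructed sample lines. The timestamp and
# node.server prefix are invented; the BIP texts are the ones quoted above.
write_sample_log() {
    cat > "$1" <<'EOF'
2015-03-27 10:01:12 NODE1.server1 BIP3544E: Failed to create an SSL connection to the remote host. Reason 'java.security.NoSuchAlgorithmException: SSLv3 SSLContext not available'.
2015-03-27 10:01:13 NODE1.server2 BIP3135S: An exception occurred while starting the servlet engine connector. Exception text is HTTP Listener org.apache.catalina.LifecycleException: Failed to start component.
2015-03-27 10:02:40 NODE1.server1 BIP3544E: Failed to create an SSL connection to the remote host. Reason 'constructed unrelated reason'.
2015-03-27 10:03:05 NODE1.server3 BIP3544E: Failed to create an SSL connection to the remote host. Reason 'java.security.NoSuchAlgorithmException: SSLv3 SSLContext not available'.
EOF
}

# classify_sslv3_failures FILE: print "<category> <count>" for each category.
classify_sslv3_failures() {
    awk '
        # Connection attempt that explicitly requested SSLv3.
        /BIP3544E/ && /SSLv3 SSLContext not available/ { sslv3++; next }
        # Same message ID, but the reason does not mention SSLv3.
        /BIP3544E/ { other++; next }
        # Listener failed to start; the message text does not name the
        # protocol, so the listener configuration needs a manual check.
        /BIP3135S/ { listener++ }
        END {
            printf "sslv3_connection_failure %d\n", sslv3
            printf "listener_start_failure %d\n", listener
            printf "other_ssl_failure %d\n", other
        }
    ' "$1"
}

# Stand-alone run against the constructed sample.
log=$(mktemp)
write_sample_log "$log"
classify_sslv3_failures "$log"
rm -f "$log"
```

A non-zero sslv3_connection_failure count after migration indicates that at least one flow still requests SSLv3.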

bh25006_.htm | Last updated 2015-03-27 19:28:12