About this task
SSLv3 is disabled by default in IBM® Integration Bus Version
10.0, because SSLv3 is no longer considered secure due to the POODLE vulnerability
(see
http://www.ibm.com/support/docview.wss?uid=swg21687678).
Flows that attempt to use SSLv3 report connection failures. For example:
- BIP3544E: Failed to create an SSL connection to the remote
host. Reason 'java.security.NoSuchAlgorithmException: SSLv3 SSLContext
not available'.
- BIP3135S: An exception occurred while starting the servlet
engine connector. Exception text is HTTP Listener
org.apache.catalina.LifecycleException: Failed to start
component.
For each integration server that hosts message flows that use SSLv3, complete one of the
following steps:
- Update the message flows to use TLS.
Note: You must update both sides of any
communication to use TLS:
- For any inbound communication to IBM Integration Bus, the sending
application must also be updated.
- For any outbound communication from IBM Integration Bus, the
receiving application must also be updated.
- It is strongly recommended that these changes are made to avoid the known security
vulnerability in SSLv3. However, if it is not possible to use TLS communication between IBM Integration Bus and external applications, SSLv3 can be re-enabled by using the
following commands:
where Int_Node is the name of the integration node and
Int_Server is the name of the integration server.