About this task
SSLv3 is disabled by default in IBM® Integration Bus Version 10.0, because SSLv3 is no longer considered secure due to the POODLE vulnerability (see http://www.ibm.com/support/docview.wss?uid=swg21687678).
Flows that attempt to use SSLv3 report connection failures. For example:
- BIP3544E: Failed to create an SSL connection to the remote host. Reason 'java.security.NoSuchAlgorithmException: SSLv3 SSLContext not available'.
- BIP3135S: An exception occurred while starting the servlet engine connector. Exception text is HTTP Listener org.apache.catalina.LifecycleException: Failed to start component.
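The following added example (not part of the original IBM documentation) shows one way to find which integration servers are logging these failures, so that each can be worked through in turn. The "(NODE.server)" prefix layout and the sample lines are constructed assumptions; adjust LINE_RE to the local log format.

```python
import re
from collections import defaultdict

# Constructed sample log lines. Only the BIP3544E/BIP3135S message texts come
# from the page; timestamps, hosts, node/server names and layout are assumed.
SAMPLE_LOG = """\
Oct 14 09:12:01 host1 IIB[4211]: (INODE1.orders) BIP3544E: Failed to create an SSL connection to the remote host. Reason 'java.security.NoSuchAlgorithmException: SSLv3 SSLContext not available'.
Oct 14 09:12:07 host1 IIB[4211]: (INODE1.billing) BIP3135S: An exception occurred while starting the servlet engine connector. Exception text is HTTP Listener org.apache.catalina.LifecycleException: Failed to start component.
Oct 14 09:13:30 host1 IIB[4211]: (INODE1.orders) BIP3544E: Failed to create an SSL connection to the remote host. Reason 'java.security.NoSuchAlgorithmException: SSLv3 SSLContext not available'.
Oct 14 09:14:02 host1 IIB[4211]: (INODE1.audit) BIP3544E: Failed to create an SSL connection to the remote host. Reason 'constructed unrelated handshake error'.
Oct 14 09:15:00 host1 IIB[4211]: (INODE1.audit) constructed unrelated line
"""

# Assumed layout: "(node.server) BIPnnnnX: message text"
LINE_RE = re.compile(
    r"\((?P<node>[^.()\s]+)\.(?P<server>[^()\s]+)\)\s+"
    r"(?P<code>BIP\d{4}[A-Z]):\s*(?P<text>.*)"
)
SSLV3_REASON = "SSLv3 SSLContext not available"


def triage(log_text):
    """Return {(node, server): {"sslv3": n, "review": n}}.

    "sslv3"  counts BIP3544E lines whose reason names SSLv3 explicitly.
    "review" counts BIP3135S lines: the message text does not name the
             protocol, so the listener configuration must be checked by hand.
    """
    hits = defaultdict(lambda: {"sslv3": 0, "review": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["node"], m["server"])
        if m["code"] == "BIP3544E" and SSLV3_REASON in m["text"]:
            hits[key]["sslv3"] += 1
        elif m["code"] == "BIP3135S":
            hits[key]["review"] += 1
        # BIP3544E with any other reason is not an SSLv3 failure; skip it.
    return dict(hits)


if __name__ == "__main__":
    for (node, server), counts in sorted(triage(SAMPLE_LOG).items()):
        print(f"{node}.{server}: {counts}")
```
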
For each integration server that hosts message flows that use SSLv3, complete one of the following steps:
- Update the message flows to use TLS.
  Note: You must update both sides of any communication to use TLS:
  - For any inbound communication to IBM Integration Bus, the sending application must also be updated.
  - For any outbound communication from IBM Integration Bus, the receiving application must also be updated.
- It is strongly recommended that these changes are made to avoid the known security vulnerability in SSLv3. However, if it is not possible to use TLS communication between IBM Integration Bus and external applications, SSLv3 can be re-enabled by using the following commands:
  where Int_Node is the name of the integration node and Int_Server is the name of the integration server.