The folks that can answer that question monitor the list and most likely
will respond to the list or let me know. In short, I don't know off hand.
--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Tuesday, April 15, 2014 7:14 AM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Apache HTTP server
Thanks Jim. That is good to know and the link is very helpful for auditors.
I know it's not a PCI issue but support of perfect forward secrecy appears
to be what many of the scanning tools like Qualys SSL labs
https://www.ssllabs.com/ssltest/ check for PFS and recommend that it be
enabled. Even if IBM does not move to a new version of the Apache server do
you think they might implement PFS on the 2.2.11 version?
Mike Cunningham
VP of Information Technology Services/CIO Pennsylvania College of Technology
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
Sent: Tuesday, April 15, 2014 8:05 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: IBM i Apache HTTP server
IBM contacted me to give this further information:
While the level of the Apache server that was ported is indeed 2.2.11, it is
by no means not current nor is not NOT PCI Compliant. Every security patch
that has been released that actually applies to IBM i has been included in
the IBM HTTP Server.
These details are documented on out IBM i HTTP Server product page.
Http://www-03.ibm.com/systems/power/software/i/http/support/pci-compliance.h
tml
--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jon Paris
Sent: Monday, April 14, 2014 6:02 PM
To: Midrange Systems Technical Discussion
Subject: Re: IBM i Apache HTTP server
Don't know why you have the concern Mike but some time back we raised a
similar question. In our case the "old" version was causing queries in our
PCI compliance testing. We were assured by IBM at the time that all security
fixes had been addressed in the IBM i version - they just hadn't rebuilt
using the latest versions.
On 2014-04-14, at 6:58 PM, Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx>
wrote:
V7R2 is reported to have a new version of Apache.
--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Monday, April 14, 2014 1:12 PM
To: Midrange Systems Technical Discussion
Subject: IBM i Apache HTTP server
We are running V7.1 at the most recent technology release level and
with patches only a few months old. Our Apache version reports that it
is 2.2.11 which according to this site
http://www.apachehaus.com/index.php?option=com_content&view=article&id
=119&I
temid=104 was released in 2008 and has had 19 newer releases and there
is a version 2.4.x that was first released in 2012 and is currently at
2.4.9 which was released just a month ago.
Does anyone know when IBM might be providing a newer version of their
implementation of Apache for IBM i platform?
Thanks
Mike Cunningham
VP of Information Technology Services/CIO Pennsylvania College of
Technology
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
Jon Paris
www.partner400.com
www.SystemiDeveloper.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.