1.  Home
  2. MIDRANGE-L
  3. July 2017

Re: SSL Cipher Support and V7R1... and so it begins

And so we are again bitten by the curse of 'it just runs, leave it alone'. i 7.1 was a fantastically long lived release and too many simply don't want to believe that it could possibly be time to upgrade. If their hardware can't go beyond i 7.1 then they are on some seriously old stuff, again doesn't mean it doesn't work but wow, that's Power5 vintage up to 13 years old! Or put another way a disk drive installed in that Power5 machine in 2004 would have rotated over 100,000,000,000 times since then, yes that's 100 Billion!

I would feel sorry for these folks if they didn't get any warnings or simply had no alternatives. But they did get warnings, over and over and over and they DO have alternatives, from newer used gear to newer (FANTASTICALLY FASTER) and smaller gear or cloud (hint hint!)

Also consider if they are in environments with external communications and they refuse to update software they are setting themselves up for failure, not if simply when.

I do agree with you that IBM isn't going to enhance i 7.1. They have already provided two new releases both easy to upgrade to and they indicated many months ago that i 7.1 is in fix only mode. As it should be!

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 7/10/2017 9:04 AM, Bradley Stone wrote:
I believe June or July 2017 was a deadline for financial institutions
to update their SSL certificates to the latest and greatest.

3 customers in one week so far have been affected, but only because
they are on V7R1. The only option is to update to V7R2 or higher. 2
out of 3 say they need new hardware to update to a new OS. So not
really "free".

I would be on the lookout if you use GETURI, HTTPAPI, or any other
socket application that uses SSL to communicate with financial
institutions if you're on V7R1 or lower. It will most likely stop
working soon if it hasn't already.

The only other option I can see to do, since IBM won't install the new
ciphers, is possibly ask them to update the SSL Handshake API to allow
you to bypass the RC(-1) No Ciphers error (and others like -24
SSL_ERROR_CERT_EXPIRED which is stupid anyhow) like you can with the
not trusted handshake error.

Wishful thinking. :)


Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #6: Easily send group emails with Distribution Lists


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.