|
Problem IT21848
|
Status: Closed |
LDAP PLUGIN NOW ALLOWS SIGNATURE ALGORITHMS TO BE SPECIFIED WHENUSING TLS 1.2 |
| product: |
DB2 FOR LUW / DB2FORLUW / B10 - DB2 |
| Problem description: |
When using TLS 1.2, the client should provide a list of the
signature algorithms that it supports, otherwise the Server
assumes that only RSA+SHA1 are supported. This is a problem with
some LDAP Servers (eg. Active Directory) because they require
that all certificates be signed with SHA2 or better.
This APAR adds the SSL_EXTN_SIGALG keyword to the
IBMLDAPSecurity.ini. It can take the following values:
GSK_TLS_SIGALG_RSA_WITH_SHA224
GSK_TLS_SIGALG_RSA_WITH_SHA256
GSK_TLS_SIGALG_RSA_WITH_SHA384
GSK_TLS_SIGALG_RSA_WITH_SHA512
GSK_TLS_SIGALG_ECDSA_WITH_SHA224
GSK_TLS_SIGALG_ECDSA_WITH_SHA256
GSK_TLS_SIGALG_ECDSA_WITH_SHA384
GSK_TLS_SIGALG_ECDSA_WITH_SHA512
Multiple algorithms can be specified, separated by commas. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* all platforms *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* upgrade to db2_v111m1fp2 *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
Db2 Version 11.1 Mod 3 Fix Pack 3 for Linux, UNIX, and Windows
Db2 Version 11.1 Mod3 Fix Pack3 iFix001 for Linux, UNIX, and Windows
Db2 Version 11.1 Mod3 Fix Pack3 iFix002 for Linux, UNIX, and Windows
|
| Solution |
forward merged to db2_v111m1fp2 |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 04.08.2017
09.10.2017
09.10.2017 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
