ADSM-L

Re: [ADSM-L] TSM server upgrade questions

2015-01-29 17:58:55
Subject: Re: [ADSM-L] TSM server upgrade questions
From: "Mitchell, Ruth Slovik" <rmitch AT ILLINOIS DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 29 Jan 2015 22:56:15 +0000
Thanks Norman. To answer my own question, after a call with IBM, they've 
confirmed that moving to 6.3.5.000 is the best approach. It contains the needed 
SSL patches to the built-in GSKit, and the DB2 version remains at 9.7. I'll 
still be able to maintain compatibility with the older clients we're obliged to 
support for a while longer. Thought I'd share this in case anyone else is in a 
similar predicament.

Ruth

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Gee, Norman
Sent: Wednesday, January 28, 2015 3:30 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] TSM server upgrade questions

Apparently not all clients are affected by POODLE.  I asked about the Solaris 
client and IBM said it was not affected.  This was because many of the fixing 
levels were not available for Solaris.

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Mitchell, Ruth Slovik
Sent: Wednesday, January 28, 2015 12:59 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: TSM server upgrade questions

Hi All,

I have a TSM 6.3.4.200 server running on AIX 6.1, which I'd like to upgrade 
primarily to patch SSL/TLS vulnerabilities, and of course, to take advantage of 
some newer features. My prime concern is retaining backward compatibility with 
some older clients (5.5, 6.1), which we need to continue to support at this 
time, and which I believe precludes an upgrade to 7.1.x right now. I also am 
unable to simply disable the SSLTCPPORT, since we have clients who use it.

Would I be correct to assume an upgrade to 6.3.5.0 (as opposed to 6.3.5.100) 
would be the appropriate next step, and would mitigate this vulnerability? I 
seem to recall this might involve a database upgrade as well, is that correct? 
Our DB2 version is 9.7.6. If so, are there any caveats I might want to prepare 
for in advance?

Last, since I believe the SSL/TLS issue is handled by the GSKit, has anyone 
ever contacted IBM to get a fixed version, and applied it separately, without a 
server version upgrade? This is mentioned in the security bulletin for 
CVE-2014-0963, 
http://www-01.ibm.com/support/docview.wss?uid=swg21674825&myns=swgtiv&mynp=OCSSAT9S&mynp=OCSSSQZW&mynp=OCSSSQWC&mynp=OCSSGSG7&mync=R.


Many thanks in advance for your insight.
______________
Ruth S. Mitchell
U of I, Urbana, IL
