Apparently not all clients are affected by POODLE. I asked about the Solaris client and IBM said it was not affected. This was because many of the fixing levels were not available for Solaris.

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Mitchell, Ruth Slovik
Sent: Wednesday, January 28, 2015 12:59 PM
To: ADSM-L@VM.MARIST.EDU
Subject: TSM server upgrade questions

Hi All,

I have a TSM 6.3.4.200 server running on AIX 6.1, which I'd like to upgrade primarily to patch SSL/TLS vulnerabilities, and of course, to take advantage of some newer features. My prime concern is retaining backward compatibility with some older clients (5.5, 6.1), which we need to continue to support at this time, and which I believe precludes an upgrade to 7.1.x right now. I also am unable to simply disable the SSLTCPPORT, since we have clients who use it.

Would I be correct to assume an upgrade to 6.3.5.0 (as opposed to 6.3.5.100) would be the appropriate next step, and would mitigate this vulnerability?

I seem to recall this might involve a database upgrade as well, is that correct? Our DB2 version is 9.7.6. If so, are there any caveats I might want to prepare for in advance?

Last, since I believe the SSL/TLS issue is handled by the GSKit, has anyone ever contacted IBM to get a fixed version, and applied it separately, without a server version upgrade? This is mentioned in the security bulletin for CVE-2014-0963, http://www-01.ibm.com/support/docview.wss?uid=swg21674825&myns=swgtiv&mynp=OCSSAT9S&mynp=OCSSSQZW&mynp=OCSSSQWC&mynp=OCSSGSG7&mync=R.

Many thanks in advance for your insight.

______________
Ruth S. Mitchell
U of I, Urbana, IL