ISAM – POODLE updates

When I attempted to configured ISAM for Mobile V8.0.1.0 against an old version of TAM – specifically TAM Policy Server v 6.1.1 FP 8 (and an older 6.1.1 – FP4), I ran into some problems.

2015-02-25_135519

It generated the following error:

System Error
HPDCF0062E Could not connect to the Security Access Manager policy server. 
Error code is 0x10652128. Ensure that the policy server host name, port and 
local domain name are correct.
HPDCF0079E SSL configuration failed. The error code is 0x15e3a03e.
The current TLS compliance type as enabled on the Policy server: None

HPDBA0296E The SSL communications could not be completed. An incorrectly 
formatted SSL message was received from the partner.
HPDBG0154W Could not initialize the Base SSL configuration.

I believe this is related to some changes made to ISAM and the supported SSL/TLS ciphers in the wake of the POODLE + other SSL vulnerabilities. Since SSL is effectively dead, all the communication is TLS behind the scenes in ISAM policy management.

From the Interim Fix README:

2.1 Problems fixed by patch 6.1.1-ISS-TAM-IF0013

APAR IV67364
Symptom : "POODLE" vulnerability (CVE-2014-3566) fixes

2015-02-25_145908

Since Fixpack 8 was released in September 2014, they released Interim Fix 13. This modified the available ciphers for SSL communication, and allows the latest version of ISAM for Mobile and it’s ISAM runtime to talk to an ISAM 6.1.1 Policy Server.

latest

Once the patches have been applied, restart the policy server, and try again.

configured

 

 

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

WordPress.com.

Up ↑

%d bloggers like this: