Informix

Informix

Connect with Db2, Informix, Netezza, open source, and other data experts to gain value from your data, share insights, and solve problems.

 View Only

  • 1.  Informix TLS Cipher

    Posted Tue June 06, 2023 08:30 AM

    Hello,

     

    Since CSM is deprecated, we're on our way to implement TLS 1.2

     

    According to IBM support, there is no method to select which TLS 1.2 (or 1.3) ciphers Informix is allowed to use.

    Our servers are monitored by Tenable and only these TLS 1.2 ciphers are considered safe. Others will generate a vulnerability fault/report.

     

    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 DH (2048 bits)
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 DH (2048 bits)

     

    https://www.tenable.com/plugins/nessus/156899

     

    Maybe someone has recommendations or experience to share about this?

     

    Thanks,

     

    Benoît

     

    Bell_RGB_Small_55

    Benoît Chamberland (il/lui – he/him)

    Administrateur de bases de données | Database Administrator

    T : 514-870-2440  M : 514-207-7015

     

    Bell 2SLGBTQUIA+

     



  • 2.  RE: Informix TLS Cipher

    Posted Thu June 08, 2023 05:02 PM

    HI,

    Please vote for enhancement request https://ibm-data-and-ai.ideas.ibm.com/ideas/INFX-I-534

    Add onconfig parameter similar to DB2 ssl_cipherspecs configuration parameter

     https://www.ibm.com/docs/en/db2/10.5?topic=instance-supported-cipher-suites

    Otherwise consider just using TLS Version 1.3

    Regards,
    David.



    ------------------------------
    David Williams
    ------------------------------

    Original Message


Related Content