12-14-2015
Unfortunately nobody can understand what your security dept requires from you. As for me it seems that they even don't understand what they want. You have to speak with them and make clear:
1. There is no single point in a UNIX operating system, where you can enable or disable a cipher. Every application can implement its own cipher and you have no control over it.
2. There are at least 2 "cipher libraries" - IBM's GSKit and OpenSSL. OpenSSL can be IBM-compiled, Perzl-compiled, Michael Felt-compiled, Bull-compiled, and own-compiled. As far as I remember, Michael Felt also has LibreSSL for AIX, but he knows it better and he is sometimes here. This is the 3rd "cipher library", which can be used.
3. There are some places, even in AIX, which have nothing common with these libraries. E.g. password hashing is implemented using so called Loadable Password Algorithm (LPA) modules. AIX has modules for MD5, SHA1, SHA256, SHA512, Blowfish. If somebody requires some other module, they have to develop it on their own.
4. There is 3rd party software, which has their own cipher modules, and doesn't depend on libraries. The best example is OpenSSH. You can have IBM-compiled OpenSSH, or Michael's compiled OpenSSH. You can also have some other SSH-based servers and clients, e.g. Tectia SSH server. And you're right, when you speak about Java - it has its own SSL implementation.
Just to make it easy - you are not the only one, who receives such stupid requirements from people thinking they are "security professionals" and who've read yesterday for the first time in the lifes about POODLE or some other bug in OpenSSL. Your duty as a professional system administrator is to speak with them and make them clear that their requirements too inaccurate and cannot be implemented without additional information.
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Which network protocol is used by UNIX systems to make remote file systems appear as if they are local? (2 Replies)
Discussion started by: OLLERTON
2 Replies
2. UNIX for Dummies Questions & Answers
What protocol would be the best to use on a network with nt and unix servers and windows me clients?
Can SMB protocol be used to implement large networks?
What protocol can be used to make remote file systems appear as if they are local?
Quite a few questions I know, any help would be... (1 Reply)
Discussion started by: jnash
1 Replies
3. UNIX for Advanced & Expert Users
The more command allows a user to invoke shell. If it is run using the sudo command this will give a user a possibility to run whatever he wants with root's privilegies.
Does anybody know about a command with the same abilities that more but without escape to shell? (2 Replies)
Discussion started by: odashe
2 Replies
4. IP Networking
what method would I use to determine which IP protocols network (0 Replies)
Discussion started by: mar mar
0 Replies
5. Cybersecurity
Hi everyone, I would like to allow multi users to access P2P networks, so I wonder if there's a way to tracking these kind of protocols with netfilter, and also compatibility with nat, like the module conntrack_ftp seems to do with the FTP protocol.
Thanks guys. (0 Replies)
Discussion started by: nekkro-kvlt
0 Replies
6. Shell Programming and Scripting
Hi All,
I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:(
Thanks,
Rico (1 Reply)
Discussion started by: carnegiex
1 Replies
7. IP Networking
hello forum members,
What are L2 and L3 Protocols and can u brief me a bit little ie to gain a
basic knowledge.
Thanks & Regards
Rajkumar g (1 Reply)
Discussion started by: rajkumar_g
1 Replies
8. Red Hat
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
LEARN ABOUT CENTOS
xmremoveprotocols
XmRemoveProtocols(library call) XmRemoveProtocols(library call)
NAME
XmRemoveProtocols -- A VendorShell function that removes the protocols from the protocol manager and deallocates the internal tables
SYNOPSIS
#include <Xm/Xm.h>
#include <Xm/Protocols.h>
void XmRemoveProtocols(
Widget shell,
Atom property,
Atom * protocols,
Cardinal num_protocols);
DESCRIPTION
XmRemoveProtocols removes the protocols from the protocol manager and deallocates the internal tables. If any of the protocols are active,
it will update the handlers and update the property if shell is realized.
XmRemoveWMProtocols is a convenience interface. It calls XmRemoveProtocols with the property value set to the atom returned by interning
WM_PROTOCOLS.
shell Specifies the widget with which the protocol property is associated
property Specifies the protocol property
protocols Specifies the protocol atoms
num_protocols
Specifies the number of elements in protocols
For a complete definition of VendorShell and its associated resources, see VendorShell(3).
RELATED
VendorShell(3), XmAddProtocols(3), XmInternAtom(3), and XmRemoveWMProtocols(3).
XmRemoveProtocols(library call)