7.3 Items to Be Aware of When Upgrading to IBM i 7.3 – Part 3

This is part 3 of a 4 part series on the new IBM i 7.3 Upgrade. Links to the rest of the series are listed a the bottom of this article.

5. IBM i NetServer Shared Printer Changes

be prepared for the IBM i 7.3 upgradeNetServer Shared Printers will behave differently after upgrading to IBM i 7.3. There is a new version of the Server Message Block (SMB) protocol. Version 2 (SMB2) has been added and is now the default that is negotiated with IBM i NetServer clients. The new protocol handles printing differently and printer functions will no longer work as they did in prior releases. Documents can still be printed to shared printer queues from Windows clients, but additional steps are required to configure the printer.

SMB2 support can be disabled on the system if the printing limitations are incompatible with existing network printer use.

6. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Changes

It may seem that you have issues every day on your PC when using Java and your browser, especially when it comes to SSL and TLS. There are so many vulnerabilities that what we thought was once secure, just is no longer.  So, for IBM i 7.3, only cipher suites considered secure are included.

The system value QSSLCSL cipher specification list generated when system value QSSLCSLCTL is *OPSYS has changed from the previous release. The IBM i 7.3 list contains only cipher suites considered okay for use by security compliance definitions at the time 7.3 was released. It is impossible for an application using System SSL/TLS to use a cipher suite not listed in QSSLCSL. Administrators can control the ciphers supported by System SSL/TLS via the system value QSSLCSL when QSSLCSLCTL is set to *USRDFN.(Learn more about SSL/TLS changes for IBM i 7.3 here.)

List change highlights:

  • The Rivest Cipher 4 (RC4) 128-bit ciphers are removed.
  • The Galois/Counter Mode (GCM) ciphers are now listed first, which makes them preferred over the Cipher Block Chaining (CBC) ciphers.
  • All ciphers with less than 128-bit are removed.

Upgrade_Assessment

This was Part 3 of a four part series. See the following posts below:

Leave a Reply

Your email address will not be published. Required fields are marked *