lekkimworld.com – Page 25 – Blog by Mikkel Flindt Heisterberg about everything and nothing

Remember to secure your IBM HTTP Server when implementing IBM Connections

In Security Now! episode 396 starting at 12:22 (to 25:25) Steve and Leo were talking about various SSL attacks and how one could verify sites. I decided to check out one of my own stock IBM Connections installs i.e. I verified the stock IBM HTTP Server (IHS) install. That was not a pleasant experience as the default IBM HTTP Server is very insecure in that it accepts SSL v.2 and hence some very weak ciphers. Using SSLLabs.com and their SSL Server Test it is very easy to test a SSL site.

Below is the results from a standard IHS install using a commercial SSL certificate. A grade of F isn’t nice.

After reading a bit on mod_ssl (the SSL module in Apache / IHS) I added the below lines to the mod_ssl section in the httpd.conf file.

## SSLv3 128 bit Ciphers
SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5
SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA

## FIPS approved SSLV3 and TLSv1 128 bit AES Cipher
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA

## FIPS approved SSLV3 and TLSv1 256 bit AES Cipher
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA

Now I’m not a SSL wizard by any means so I suggest you do your own research as well but when I restarted the IHS I got a rating of A. BAM!! How’s them apples!?

How secure is the SSL stack for your IBM Connections environment?

Finally!

32 bit or 64 bit

As part of upgrading the servers here at IntraVision I had to figure out which servers were running 32 bit and which servers were running 64 bit. It turns out there is a very simple way of doing this as there is a server statistic. Simple do a “show stat Server.Version.Architecture” and it will show the currently installed “bit-ness”.

Wow! IBM preemtive here

Received the following notification from IBM by email:

Our Fix Central records indicate that the ID associated with this email address downloaded IBM Connections 4.0 Cumulative Refresh 3 (CR3). IBM support has found an issue that may affect Notes 9 Social Edition clients accessing IBM Connections 4.0 environments with CR3 applied. iFix LO74465 was added to the 4.0 CR3 package to address this issue and is now available from Fix Central. If you have Notes 9 Social Edition clients that will access your IBM Connections 4.0 CR3 environment, please use this link to download the iFix:

http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Lotus/Lotus+Connections&release=4.0.0.0&platform=All&function=fixId&fixids=4.0.0.0-IC-Multi-COMMON-CR3-LO73535-LO74465&includeRequisites=0&includeSupersedes=0&downloadMethod=http&source=fc

If you have already applied 4.0 CR3, please use the update installer to apply LO74465.

If you have not already applied 4.0 CR3, please include LO74465 along with the rest of the fixes you already downloaded, so that it is applied as part of CR3.

Notes 9 GA IDs for plugin development

Along with Notes 9 finally going GA comes a new install_id and rcp.base version which are required if you do plugin development and done a custom setup of your Eclipse client. I’ve updated my Configure Eclipse 4.2 for Notes 9 post with the GA info.

Websphere Application Server training curriculums FREE

https://twitter.com/ibmedassistant/status/313546622044889088

I just found out via Twitter that loads of Websphere Application Training is available for free online on the IBM Education Assistant. At the page you’ll find stuff for both WAS 8 and 8.5 – nothing for 7.x though which is the version that most IBM Collaboration Solution software runs on though.

ISBG (formerly LSBG)

I’m happy to say that I will be speaking at the upcoming Norwegian IBM Social Business usergroup event in Larvik, Norway on 22-23 May 2013. The event used to be called LSBG (Lotus Samhandling Brukergruppe) but have just been renamed ISBG (IBM Samhandling Brukergruppe) to reflect the changes in the branding of the IBM collaboration solutions. I will be at the event with the OnTime team showcasing our amazing group calendar products – and who knows – we might have a little new thing up our sleeve… 🙂

Yet again the event is at this beautiful spa location in Larvik near the ocean. Can’t wait to go there and be social with the Norwegians. See you there.

Using DiscoveryServlet for debugging Connections Mail

When you install Connections Mail having a way to diagnose how Connections sees a particular users mail setup can be very helpful e.g. which mail system, which hostname, mail file etc. Digging through the network traffic in a working Connections Mail install I discovered calls to “DiscoveryServlet” which is a utility that Connections Mail itself uses for that purpose. It’s so nice. When called it returns full info about the mail setup for the queried users (by email address). To call it you use the following URL:

http://<hostname>/connections/resources/discovery/DiscoveryServlet?email=<email address>

Use at your own risk and as Stephan would say – YMMV…

New IBM Notes and Domino Certification Available – get 50% off until 25 June 2013

IBM has announced a nice new entry level certification for Notes and Domino and until 25 June 2013 you get 50% off the certification test so if it fits a suggest you go and get certified. The page I link to at the bottom has the promo code you need for the rebate.

“IBM Collaboration Solutions is pleased to announce a new associate level certification: IBM Certified Associate – Notes and Domino.
This credential requires successful completion of the test LOT-442: IBM Notes and Domino Fundamentals. This test covers IBM Notes and Domino material as it relates to competencies within the following areas:

Architecture

General Administration

Calendaring and Scheduling

Replication

Mail

Clientv
Security

XPages

Non-XPages Design

Troubleshooting

“

Generating DOM events from JavaScript

For the OnTime Group Calendar API Explorer I needed manipulate a dropdown element on the page using JavaScript which is easy enough but when doing it this way no onchange events are emitted which caused my page logic to break. Luckily for me there is a simple way to have the element emit an event using the dispatchEvent mechanism of the DOM. The element.dispatchEvent method is your friend here. The documentation shows you how to create a mouse event but I really needed a HTML based event. To create a such is done like below:

// get element
var elem = document.getElementById("some_dropdown");

// set selected option
elem.selectedIndex = 2;

// generate an 'onchange' event from 'elem'
var event = document.createEvent("HTMLEvents");
event.initEvent("change", true, true);
event.eventName = "change";
elem.dispatchEvent(event);