=============================================================================== C:E Command Line Client 1.3.00 iFix 3 Maintenance - April 2015 =============================================================================== This is a full install image of the Secure Client and includes the fixes described below. Summary of Fixes by FixPack (Latest FixPack first) ======================================================================= Summary of Fixes for v 1.3.00 iFix 3 Build 36 (April 2015) ======================================================================= Defect / APAR Description No RTC - RC4 Ciphers now turned off by default, resolving the Bar Mitzvah RC4 advisory CVE-2015-2808. No RTC - SSLv3 now turned off by default, resolving POODLE advisory CVE-2014-3566. The tlsonly parm has been deprecated. To allow SSL sessions and/or RC4 ciphers, edit the ceftp script file in the installation directory and add the line which says: ALLOWRC4=-DallowSSL=true amd / or ALLOWSSL-DallowSSL=true ======================================================================= Summary of Fixes for v 1.3.00 iFix 2 Build 32 (December 2014) ======================================================================= Defect / APAR Description No RTC - Support turning off SSLv3 by adding -Dtlsonly=true to Java startup line. Resolves POODLE advisory CVE-2014-3566. To allow only TLS sessions, edit the ceftp script in the installation directory and line which says: -Dtlsonly=true ======================================================================= Summary of Fixes for v 1.3.00 iFix 1 Build 30 (November 2013) ======================================================================= Defect / APAR Description No RTC - Upgrade to IBM JRE1.6 SR14 and InstallAnywhere 2010.