IBM will stop unencrypted fix downloads in February

November 28, 2022

Timothy Prickett Morgan

We’ve heard from the IBM business partner community that, effective February 15, 2023, Big Blue will no longer allow customers to obtain unencrypted operating system software patches.

The notification, which you can view here, was sent to trading partners on November 23, just before the Thanksgiving holiday in the United States. Several IBM support methods, including IBM Electronic Fix Distribution (EFD), IBM Electronic Customer Care (ECC), and IBM Fix Central, are affected by this change.

“Many Internet industry leaders, such as the World Wide Web Consortium (W3C), the Internet Engineering Task Force (IETF), and the Internet Architecture Board (IAB), affirm that universal use of encryption is the way forward for Internet traffic”. says the ad. “Therefore, web platforms must be designed to actively favor secure communication so that data is protected in transit and at rest. In line with this industry direction, IBM IT security standards have been enforcing the use of encrypted communications. Therefore, the IBM Electronic Fix Distribution (EFD), IBM Electronic Customer Care (ECC) and IBM Fix Central systems stop supporting unencrypted fix downloads on February 15, 2023 to improve user privacy and security and to enforce IBM IT security standards. Shortly after that date, unencrypted fix download streams No more will be allowed.”

Having encrypted data between machines on the Internet certainly improves security, and it’s surprising that IBM is only getting around to this now. Part of the reason, no doubt, is that it’s a pain in the neck to reconfigure machines to support encryption at the client end of the Internet.

As one partner told me: “Most IBM shops are lazy. They know they need to do it, but they don’t know enough about their systems to do it. For my client base, that means a huge commitment to every client. On the IBM side alone, there are three different entities to change: Service, Fix Central, and MGTools, and then standalone FTP which should go to SFTP, then system and desktops should consider TLS 1.2 or 1.3 instead of SSH/SSL. Then in each store you have Windows servers and desktops. . . . This is going to be a challenge.”

IBM provides support for various operating systems, including IBM i and OS/400, as well as AIX and Linux on Power Systems, but also a wide variety of Linux and Unix and their various mainframe platforms, as well as Windows Server and VMware hypervisors. Solutions for all of these platforms will soon only be available encrypted.

It is best to resolve this before too much time passes. Like you need something else to do before the end of the year. We know.

Tags: Tags: FTP, IBM Electronic Customer Care, IBM Electronic Fix Distribution, IBM Fix Central, IBM i, Linux, MGTools, SFTP, SSH/SSL, Unix

IBM i PTF Guide, Volume 24, Issue 47

Leave a Comment