IBM i laughs at the bleeding heart 

 April 9, 2014

By  NickLitten

News of the moment is the deadly sounding HEARTBLEED SECURITY FLAW

as400 iseries ibm i is safe from heart bleed virus

The flaw, dubbed “Heartbleed”, could reveal anything which is currently being processed by a web server ā€“ including our sensitive secure information being used inside the site. Heartbleed’s technical name is ‘the CVE-2014-0160 exploit’ which exposes vulnerabilities in the popular OpenSSL server software potentially allowing the memory of SSL/TLS encrypted web servers to be compromised. The bug essentially gives the bad guys the ability to read encrypted information such as usernames, passwords, credit card numbers and any other sensitive data. The bug exists in a piece of open source software called OpenSSL, which is meant to securely encrypt communications between a user’s computer and a web server. But security researchers have no way to prove whether or not the flaw, which has existed since at least March 2012, has been exploited.

Wait – is it only me that noticed it has been around since March 2012? So, this is a big deal, but an old deal. Dont panic just yet!

Is IBM i Safe from this security exploit?

ibm i server safe

If you are a user of an IBM i System, the older iSeries or even the legacy AS400 System – don’t worry! You are NOT vulnerable to the Heartbleed bug.

<smug>As if we ever expected a different answer.</smug>

The IBM HTTP Server for IBM i does NOT use OpenSSL for its encryption. IBM i uses its own IBM written encryption code. Power systems utilising PASE do have OpenSSL, but is not leveraged by the HTTP Server. The entire HTTP server is on the ILE side of things.

So it’s — IBM 1 and Bad Guys 0


To learn more about the Heartbleed bug check out Heartbleed.com.


IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Shameless Trekkie, Belligerent Nerd, Englishman Abroad and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and remember: If at first you don't succeed then skydiving probably isn't a hobby you should look into.

Nick Litten

related posts:

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
__CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"cff50":{"name":"Main Accent","parent":-1},"a344d":{"name":"Accent Transparent","parent":"cff50"}},"gradients":[]},"palettes":[{"name":"Default","value":{"colors":{"cff50":{"val":"var(--tcb-skin-color-0)"},"a344d":{"val":"rgba(46, 138, 229, 0.85)","hsl_parent_dependency":{"h":210,"l":0.54,"s":0.78}}},"gradients":[]},"original":{"colors":{"cff50":{"val":"rgb(0, 178, 255)","hsl":{"h":198,"s":1,"l":0.5}},"a344d":{"val":"rgba(0, 178, 255, 0.85)","hsl_parent_dependency":{"h":198,"s":1,"l":0.5}}},"gradients":[]}}]}__CONFIG_colors_palette__

Get In Touch

Iā€™m always looking for awesome input, feedback and critique!