IBM Support

PM42425: CIPHER SETTINGS NOT POSTED IN WAS.ENV FROM COM_IBM_DAEMON_CLAIMSECURITYCIPHERSUITELIST

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • 1. The cipher list selected at panel "SSL certificate and key
    management > SSL configurations > WAS00Manager/DefaultIIOPSSL
    > Quality of protection (QoP) settings" is saved to XML only,
    It must also be set to property
    com_ibm_DAEMON_claimSecurityCipherSuiteList
    using a list of SSSL's 2-character values and placed in
    was.env.
    
    
    2. The native code must be modified to set the cipher suite list
    using com_ibm_DAEMON_claimSecurityCipherSuiteList.
    
    
    3. Native code changes are needed to safely recreate the SSSL
    sockets if "Dynamically update the run time when SSL
    configuration changes occur " is selected.
    
    When items 1 and 2 are fixed, this is automatic for
    new sockets.
    Old sockets might just need to be closed so that the clients
    reconnect and new sockets are created according to the updated
    socket attributes.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of WebSphere Application Server    *
    *                 V6.1                                         *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Changes to SSSL setting may not         *
    *                      take effect in the Daemon.              *
    *                                                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    WebSphere Application Server 6.1 and 7.0 did not have the
    capability to change the SSSL security level setting to
    something other than default value.
    
    When a user changed the setting it was written to
    security.xml, but did not take effect in Z Daemon.
    

Problem conclusion

  • The code was changed to allow the default SSSL security level
    to be changed to a value other than LOW. The value can be
    changed through the Administration console or wsadmin.
    
    Users should be aware of SSSL behavior. SSSL is used for orb
    related communication. Therefore, when a client makes an RMI
    call to server on an lpar, it must first talk to the Daemon.
    The Daemon will return to the calling client the orb handle to
    the requested server.
    
    This means that the client and Daemon must use the same
    security level. Because of this, this means that the client,
    Daemon, and server must all use the same security level in
    order for this communication to take place.
    
    APAR PM42425 is currently targeted for inclusion in Service
    Level (Fix Pack) 6.1.0.39 of WebSphere Application Server V6.1.
    
    Please refer to URL:
    //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack availability.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM42425

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-06-26

  • Closed date

    2011-06-29

  • Last modified date

    2011-08-01

  • APAR is sysrouted FROM one or more of the following:

    PM25277

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • BBGUBINF BBOUBINF
    

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R610 PSY UK69361

       UP11/07/16 P F107

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
10 February 2022