PI14451: IBM HTTP SERVER WITH SSLFIPSENABLE REPORTS ERROR CODE 53817451 AT STARTUP

Fixes are available

APAR status

Closed as program error.

Error description

After enabling SSLFIPSEnable, the following message is
displayed on server start on z/OS:

Failed to configure SSLFIPSEnable, restart with a change in
FIPS is not supported (gskrc=53817451)

SSL works successfully without FIPS enabled or without the WAS
WebServer Plug-in.  Changing the relative order of the
LoadModule directives for mod_ibm_ssl and mod_was_ap22_http.so
resolves the problem

Local fix

Ensure that "LoadModule whatkilledus_module" is at the bottom
of the httpd.conf file, and "LoadModule ibm_ssl_module" is
placed before "LoadModule mod_ap22_module".

Problem summary

****************************************************************
* USERS AFFECTED:  Users of IBM HTTP Server on z/OS who are    *
*                  considering enabling FIPS support.          *
****************************************************************
* PROBLEM DESCRIPTION: Configuring "SSLFIPSEnable" on z/OS     *
*                      may generate a misleading fatal error   *
*                      at startup.                             *
****************************************************************
* RECOMMENDATION:  Apply the fix if SSLFIPSEnable is required  *
*                  on z/OS.                                    *
****************************************************************
Unique to z/OS, FIPS support is enabled per-process, and must
be enabled before any z/OS System SSL activity occurs in a
given process.  Prior to this APAR, the WAS WebServer
Plug-in could initialize before mod_ibm_ssl (order is
not defined) and setup its own System SSL environment prior to
mod_ibm_ssl.

Problem conclusion

mod_ibm_ssl is now hard-wired to initialize before
mod_was_ap22_http.so, ensuring the calls in mod_ibm_ssl to
enable FIPS will always run before SSL initialization in the
AS Plug-in.

Temporary fix

Comments

APAR Information

APAR number
PI14451
Reported component name
WAS IHS ZOS
Reported component ID
5655I3510
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-03-25
Closed date
2014-07-09
Last modified date
2014-07-21

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WAS IHS ZOS
Fixed component ID
5655I3510

Applicable component levels

R850 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022

Tips

PI14451: IBM HTTP SERVER WITH SSLFIPSENABLE REPORTS ERROR CODE 53817451 AT STARTUP

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R850 PSY

Document Information

Share your feedback

Need support?