Fixes are available
9.0.0.4: WebSphere Application Server traditional V9.0 Fix Pack 4
9.0.0.5: WebSphere Application Server traditional V9.0 Fix Pack 5
9.0.0.6: WebSphere Application Server traditional V9.0 Fix Pack 6
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11
APAR status
Closed as program error.
Error description
SSL connection failure betweeen IBM HTTP Server(IHS)/Proxy to backend IHS/Plugin resulting in error like: SSL0266E: Handshake Failed, Could not establish SSL proxy connection. GSKit error 414: GSK_ERROR_BAD_CERT SSL0234W:SSL Handshake Failed, The certificate sent by the peer has expired or is invalid. Certificate validation error during handshake, last PKIX/RFC3280 certificate validation error was GSKVAL_ERROR_CA_MISSING_CRITICAL_BASIC_CONSTRAINT
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IHS 9.0 with proxy to backend * * IHS/Plugin * **************************************************************** * PROBLEM DESCRIPTION: SSL handshake failure between * * IHS/Proxy to backend IHS/Plugin * **************************************************************** * RECOMMENDATION: Apply this iFix if using IBM HTTP Server * * with the described configuration. * **************************************************************** Outbound SSLProxyEngine connections did not obey the default value of 'SSLAllowLegacyCerts ON' that was originally introduced in PI69979.
Problem conclusion
Updates were made to resolve this problem by respecting the default value of 'SSLAllowLegacyCerts ON'. This fix is targeted for IBM HTTP Server fix packs: - 9.0.0.4
Temporary fix
Comments
APAR Information
APAR number
PI78696
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-03-23
Closed date
2017-05-16
Last modified date
2017-05-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R900 PSY
UP
Document Information
Modified date:
07 September 2022