IBM Support

PM31156: LISTENERTHREAD ERRANTLY SPAWNS A READER THD FOR FAILED SSL HANDSHAKE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as suggestion for future release.

Error description

  • DESC:  PK93653 introduced ORBSSLHandshakeTimeout which sets a
read
timeout before and after invoking JSSE code to perform an ssl
handshake
on a new incoming ssl connection.  The problem occurs when the
underlying socket is closed due to an exception in the JSSE
code, and
this condition is not properly checked for in the ORB layer,
thus
causing the ListenerThread to spawn a Reader (which ends up
shutting
down immediately on startup) when it should not have done so.
Sample trace:
[1/14/11 15:45:06:293 GMT] 000001ea ORBRas        1
  com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl
  getPeerCertificateChain LT=1:P=856805:O=0:port=37001 The
following
  exception was logged
                         java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption
at java.net.Socket.setSoTimeout
at com.ibm.jsse2.jc.setSoTimeout
at com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.
   getPeerCertificateChain
at com.ibm.ws.orbimpl.transport.WSSSLTransportConnection$1.run
at com.ibm.ws.security.util.AccessController.doPrivileged
at com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.<init>
at
com.ibm.ws.orbimpl.transport.WSTransport.createTransportConnecti
on
at com.ibm.rmi.transport.ListenerThread.run

[1/14/11 15:45:06:293 GMT] 000001ea ORBRas        3
com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl
getPeerCertificateChain(SSLSocket,ORBForTransports)
LT=1:P=856805:O=0:port=37001 exception occured when trying to
set the
timeout back to 0, most likely the socket is closed since the
handshake
took too long and reader thread times it out, theSocket =
68646864[SSL_NULL_WITH_NULL_NULL:
Socket[addr=customer.company.com/192.168.200.80,port=59038,
  localport=37001]]
...
[1/14/11 15:45:06:294 GMT] 000001ea ORBRas        >
  com.ibm.rmi.transport.ConnectionTableImpl addConnection:293
  LT=1:P=856805:O=0:port=37001 Entry
  [com.ibm.ws.orbimpl.transport.ConnectionKey@f0bfb7dc,
  host=va1sz2ecmas35.bankofamerica.com, port=59038]
  com.ibm.rmi.iiop.Connection@6fa66fa6: timeStamp=2496,
isServer=true,
  State: ESTABLISHED (2), transportConnection:
  com.ibm.ws.orbimpl.transport.WSSSLTransportConnection@68ce68ce
  socket=68646864[SSL_NULL_WITH_NULL_NULL:
  Socket[addr=customer.company.com/192.168.200.80,port=59038,
    localport=37001]]
  key=[com.ibm.ws.orbimpl.transport.ConnectionKey@f0bfb7dc,
  host=customer.company.com, port=59038]
[1/14/11 15:45:06:294 GMT] 000001ea ORBRas        <
  com.ibm.rmi.transport.ConnectionTableImpl addConnection:303
  LT=1:P=856805:O=0:port=37001 Exit
                                 size=379
[1/14/11 15:45:06:294 GMT] 000001ea ORBRas        >
  com.ibm.rmi.transport.ReaderPoolImpl addConnection:184
  LT=1:P=856805:O=0:port=37001 Entry
....

[1/14/11 15:45:06:295 GMT] 00000364 ORBRas        3
  com.ibm.rmi.iiop.Connection doReaderWorkOnce:2991

RT=384:P=856805:O=0:WSSSLTransportConnection[addr=192.168.200.80
,
  port=59038,local=37001]
  The following exception was logged
  javax.net.ssl.SSLException: Connection has been shutdown:
  javax.net.ssl.SSLException: java.net.SocketTimeoutException:
Read
  timed out
at com.ibm.jsse2.jc.i(jc.java:205)
at com.ibm.jsse2.e.read(e.java:28)
at
com.ibm.rmi.iiop.Connection.readMoreData(Connection.java:1593)
at
com.ibm.rmi.iiop.Connection.createInputStream(Connection.java:14
08)
at
com.ibm.rmi.iiop.Connection.doReaderWorkOnce(Connection.java:298
2)
at
com.ibm.rmi.transport.ReaderThread.run(ReaderPoolImpl.java:138)

Local fix

  • N/A

Problem summary

  • 



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • APAR PM31156 is being closed SUG because it has been
decided to provide the new functionality of deferring SSL
handshakes onto an ORB Reader Thread in a possible new FIS.

    



APAR Information




    

  • APAR number
    PM31156
    • 

  • Reported component name
    WEBS APP SERV N
    • 

  • Reported component ID
    5724H8800
    • 

  • Reported release
    61A
    • 

  • Status
    CLOSED  SUG
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2011-01-25
    • 

  • Closed date
    2012-01-16
    • 

  • Last modified date
    2012-03-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            10 February 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback