IBM Support

IC88020: SSL PROXY PROFILE USED BY DATAPOWER WEB SERVICE PROXY TO IMPORT REMOTE SCHEMATA IS NOT CONFIGURABLE

Fixes are available

Fix packs for DataPower XML Security Gateway version 6.0
Fix packs for DataPower B2B Appliance version 6.0
Fix packs for DataPower Integration Appliance version 6.0
Fix packs for DataPower Low Latency Appliance version 6.0
Fix packs for DataPower Service Gateway version 6.0

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • XSD files located on a server not supporting RFC5746, secure
renegotiation can not be retrieved by Datapower. Datapower
always requires secure renegotiation to be supported. The SSL
Proxy Profile controling this is not configurable.

Local fix

  • There are  several work arounds for this issue.

1) change the connection to backend server serving xsd files
to HTTP
2) Enable RFC5746 support on the backend server
3) locate the xsd files local to the Datapower Appliance
4) Modify the Datapower appliance so that the connection to
backend server is not directly accessed by the WSP
configuration on Datapower.  Modify the WSP configureation to
connect through Datapower appliance first. For example the
connection would be from the WSP to a Datapower front side
handler for a MPGW. Configure the MPGW SSL proxy to allow
connectivity to a insecure SSL server.

Problem summary

  • A new configurable SSL Proxy will be added to default domain and
used for retrieving remote Schemata (instead "system-default").

By default it does not allow connections to insecure SSL servers
and results in the same error logged as before, just with a
different SSL Proxy name:
yyymmddThhmmssZ [ssl][error]
sslproxy(system-wsgw-management-loopback): tid(.....): SSL
handshake aborted due to detection of insecure SSL server

Setting "Allow connection to insecure SSL" to "On" for
system-wsgw-management-loopback will allow Web Service Proxies
to retrieve Schemata from an insecure SSL server.

Problem conclusion

  • Fix will be available in next major releases.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IC88020
    • 

  • Reported component name
    DATAPOWER
    • 

  • Reported component ID
    DP1234567
    • 

  • Reported release
    382
    • 

  • Status
    CLOSED  FIN
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-11-07
    • 

  • Closed date
    2013-01-11
    • 

  • Last modified date
    2013-01-16
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DATAPOWER
    • 

  • Fixed component ID
    DP1234567
    • 



Applicable component levels


    

  • R100  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.8.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 February 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback