IBM Support

IT29858: IT IS NOT POSSIBLE TO SET THE SSLPROTOCOL FOR FTPS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When using the File Nodes to transfer files to or from a remote
    server using FTPS,
    it is not possible to specify the SSL/TLS protocol.
    
    Instead the protocol is hardcoded to "TLS".
    
    On IBM JRE implentations this means TLSv1.0 only.
    
    On Oracle JRE implenentations this means any enabled TLS
    protocol.
    

Local fix

  • It is possible to align the IBM JRE to treat this hard coded
    value as any allowed TLS protocol by setting the java system
    properties described here:
    
    
    https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.
    ibm.java.security.component.71.doc/security-component/jsse2Docs/
    matchsslcontext_tls.html#matchsslcontext_tls
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All users of IBM Integration Bus version 10 or App Connect
    Enterprise version 11 using the File Nodes to transfer files
    using FTPS.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    <span style="background-color:rgb(255, 255, 255)">When using the
    File Nodes to transfer files to or from a remote </span><span
    style="background-color:rgb(255, 255, 255)">server using FTPS,
    </span><span style="background-color:rgb(255, 255, 255)">it is
    not possible to specify the SSL/TLS protocol.            </span>
    <span style="background-color:rgb(255, 255, 255)">
    
    </span>
    <span style="background-color:rgb(255, 255, 255)">Instead the
    protocol is hardcoded to "TLS".                    </span>
    <span style="background-color:rgb(255, 255, 255)">
    
    </span>
    <span style="background-color:rgb(255, 255, 255)">On IBM JRE
    implentations this means TLSv1.0 only.              </span>
    <span style="background-color:rgb(255, 255, 255)">
    
    </span>
    <span style="background-color:rgb(255, 255, 255)">On Oracle JRE
    implenentations this means any enabled TLS </span><span
    style="background-color:rgb(255, 255, 255)">protocol.
                     </span>
    

Problem conclusion

  • This APAR changes the default SSL/TLS protocol used by the file
    nodes to be TLSv1.2 in line with both the JRE defaults.
    
    Additionally this APAR adds a new property "sslProtocol" to the
    FtpServer configurable service definition in v10 and the
    FtpServer policy in v11 allowing the user to specify the TLS/SSL
    protocol.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v10.0      10.0.0.21
    v11.0      11.0.0.9
    
    The latest available maintenance can be obtained from:
    http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041
    
    If the maintenance level is not yet available,information on
    its planned availability can be found on:
    http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT29858

  • Reported component name

    INTEGRATION BUS

  • Reported component ID

    5724J0540

  • Reported release

    A00

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-08-02

  • Closed date

    2020-06-17

  • Last modified date

    2020-06-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    INTEGRATION BUS

  • Fixed component ID

    5724J0540

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
18 June 2020