IBM Support

PH04951: IMAGES IN PDF OUTPUT FAIL TO LOAD IF SERVED VIA TLS1.2 BY MICROSOFT IIS USING SHA256 SIGNED CERTIFICATE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • When rendering a report containing images referenced by absolute
    HTTPS URL to PDF, CA fails to retrieve the images if the server
    hosting the images is supporting TLS1.2 and is strictly RFC 5246
    compliant and uses a non-SHA1 signature on its server
    certificate.
    This is caused by CA NOT sending the signature_algorithms
    extension in ClientHello. This will cause strict implementations
    of TLS1.2 RFC 5246
    to conclude that the client only supports SHA1 and RSA signature
    algorithms and hence the server will close the connection
    instantly as it
    is deemed incompatible.
    

Local fix

  • - Disable TLS 1.2 on the IIS. TLS1.1 does not enforce the
    signature-algorithms extension
    - Do not use IIS
    - insert SSL terminating proxy, which uses TLS1.1 to talk to IIS
    - copy images to APPTiers (ref. "Resolving images")
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All Users                                                    *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    *                                                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to IBM Cognos Analytics 11.1.2                       *
    ****************************************************************
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PH04951

  • Reported component name

    COG REPORT STUD

  • Reported component ID

    5724W12RS

  • Reported release

    B0A

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-11-06

  • Closed date

    2019-06-05

  • Last modified date

    2019-06-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCHNWW","label":"Report Authoring v11x"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B0A","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
05 June 2019