IBM Support

PH33903: WHEN TO RUN ON IBM JAVA, AGENTS ONLY ENABLE TLSV1


APAR status

  • Closed as program error.

Error description

  • When using IBM Java, an agent only enables TLSv1.
    The agent logs something like:
    
    2021-01-22 12:39:54,910 EST INFO  netty-pool-0
    com.urbancode.air.agent.comm.AgentPublicKeyPinHandler - SSL
    handshake complete: ch=41873737 local=/127.0.0.1:36868
    remote=localhost/127.0.0.1:7919 proto=TLSv1
    cipher=SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA peer ...
    
    There may be other logging from the same agent that reports
    higher TLS protocols.
    

Local fix

  • The workaround is to add the following to "worker-args.conf" in
    the agent/bin directory:
    -Dcom.ibm.jsse2.overrideDefaultTLS=true
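
To confirm which protocol an agent actually negotiates, before and after applying the workaround, the following added example (not IBM's or UrbanCode Deploy's code) scans agent log text for "SSL handshake complete" entries like the one quoted above and reports those below TLSv1.2. The TLSv1.2 threshold, the function names and the second sample entry are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: the first record is the wrapped log entry quoted in this
# APAR; the second is a constructed entry showing a TLSv1.2 handshake.
SAMPLE_LOG = """\
2021-01-22 12:39:54,910 EST INFO  netty-pool-0
com.urbancode.air.agent.comm.AgentPublicKeyPinHandler - SSL
handshake complete: ch=41873737 local=/127.0.0.1:36868
remote=localhost/127.0.0.1:7919 proto=TLSv1
cipher=SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA peer ...
2021-01-22 12:41:02,118 EST INFO  netty-pool-1 com.urbancode.air.agent.comm.AgentPublicKeyPinHandler - SSL handshake complete: ch=52190011 local=/127.0.0.1:36901 remote=localhost/127.0.0.1:7919 proto=TLSv1.2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 peer ...
"""

# Assumption for this example: anything below TLSv1.2 is reported as weak.
WEAK_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
HANDSHAKE = re.compile(
    r"SSL handshake complete:.*?remote=(?P<remote>\S+)\s+"
    r"proto=(?P<proto>\S+)\s+cipher=(?P<cipher>\S+)"
)

def iter_records(text):
    """Rejoin wrapped entries: a record runs until the next timestamped line."""
    current = []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def audit_handshakes(text):
    """Return (protocol counts, list of weak handshakes) for the log text."""
    counts, weak = Counter(), []
    for record in iter_records(text):
        m = HANDSHAKE.search(record)
        if m:
            counts[m["proto"]] += 1
            if m["proto"] in WEAK_PROTOCOLS:
                # First 23 characters are the timestamp of the record.
                weak.append({"time": record[:23], **m.groupdict()})
    return counts, weak

if __name__ == "__main__":
    counts, weak = audit_handshakes(SAMPLE_LOG)
    print("protocols seen:", dict(counts))
    print("weak handshakes:", weak)
```

Because the same agent may also log higher protocols, compare the per-protocol counts rather than stopping at the first match.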
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All end users on all supported browsers.                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * When using IBM Java, an agent only enables TLSv1.            *
    * The agent logs something like:                               *
    *                                                              *
    * 2021-01-22 12:39:54,910 EST INFO  netty-pool-0               *
    * com.urbancode.air.agent.comm.AgentPublicKeyPinHandler - SSL  *
    * handshake complete: ch=41873737 local=/127.0.0.1:36868       *
    * remote=localhost/127.0.0.1:7919 proto=TLSv1                  *
    * cipher=SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA peer ...           *
    *                                                              *
    * There may be other logging from the same agent that reports  *
    * higher TLS protocols.                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Fixed in version 7.1.2.0                                     *
    ****************************************************************
    

Problem conclusion

  • Fix is provided in IBM UrbanCode Deploy 7.1.2.0
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH33903

  • Reported component name

    UC DEPLOY

  • Reported component ID

    5725M5400

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-01-28

  • Closed date

    2021-02-16

  • Last modified date

    2021-05-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    UC DEPLOY

  • Fixed component ID

    5725M5400

Applicable component levels


Document Information

Modified date:
05 May 2021