APAR status
Closed as program error.
Error description
WebSphere is invoking TLS1.3 even though it's not the default protocol. [9/16/21 15:38:08:998 EDT] 00000001 AsyncCommandC < _checkResult Exit java.lang.NoClassDefFoundError: com.ibm.jsse2.bf$l (initialization failure) at java.lang.J9VMInternals.initializationAlreadyFailed(J9VMInt ernals.java:95) at java.lang.Class.forNameImpl(Native Method) at java.lang.Class.forName(Class.java:333) at java.security.Provider$Service.getImplClass(Provider.java:1645) at java.security.Provider$Service.newInstance(Provider.java:1603) at sun.security.jca.GetInstance.getInstance(GetInstance.java:248) at sun.security.jca.GetInstance.getInstance(GetInstance.java:176) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:29) at com.ibm.ws.ssl.config.SSLConfigManager.addTLS13(SSLConfigMa nager.java:3817) at com.ibm.ws.ssl.config.SSLConfigManager.getProtocolList(SSLC onfigManager.java:3793) ... Caused by: java.lang.IllegalArgumentException: Only TLS1.0/TLS1.1/TLS1.2 protocol can be enabled when SP800_131 transition mode or IBMJSSE2 enabled to run in FIPS mode at com.ibm.jsse2.m.a(m.java:165) at com.ibm.jsse2.bf$l.<clinit>(bf$l.java:5) ... 42 more
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * **************************************************************** * PROBLEM DESCRIPTION: When TLS1.3 is not the expected * * protocol, Websphere Application * * Server should recognize this and * * handle correctly any exceptions that * * are thrown. * **************************************************************** * RECOMMENDATION: * **************************************************************** The code is designed to try to use TLS 1.3. If customers are not expecting to use that protocol, such as in this case, an exception should be thrown from the JDK and caught by us. The problem is that right now we are NOT catching that ClassNotFound Exception.
Problem conclusion
The code was reviewed and updated to handle correctly the scenarios where TLS 1.3 is not used. The fix for this APAR is targeted for inclusion in fix pack 8.5.5.21, 9.0.5.11. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH40829
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-09-22
Closed date
2021-10-11
Last modified date
2021-10-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
02 November 2021