Fixes are available
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
CRL checking is not getting turned off because all of the properties are overridden and set to true. Because of this, we are unable to switch to the PKIX trust manager from X509.
Example: by default in security.xml we see the following:
-------------------------
<trustManagers xmi:id="TrustManager_1192132339753" name="IbmX509" provider="IBMJSSE2" algorithm="IbmX509" managementScope="ManagementScope_1192132339753"/>
<trustManagers xmi:id="TrustManager_1192132339758" name="IbmPKIX" provider="IBMJSSE2" algorithm="IbmPKIX" trustManagerClass="" managementScope="ManagementScope_1192132339753">
  <additionalTrustManagerAttrs xmi:id="DescriptiveProperty_1192132339758" name="com.ibm.security.enableCRLDP" value="true" type="boolean" displayNameKey="" nlsRangeKey="" hoverHelpKey="" range="" inclusive="false" firstClass="false"/>
  <additionalTrustManagerAttrs xmi:id="DescriptiveProperty_1192132339759" name="com.ibm.jsse2.checkRevocation" value="true" type="boolean" displayNameKey="" nlsRangeKey="" hoverHelpKey="" range="" inclusive="false" firstClass="false"/>
</trustManagers>
--------------------------------
When we set them to
name="com.ibm.security.enableCRLDP" value="false" and
name="com.ibm.jsse2.checkRevocation" value="false"
these values are not picked up, so we cannot turn off Certificate Revocation (CRL checking).
Local fix
n/a
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server version 6.1     *
*                 users who are using ibmPKIX trust manager.   *
****************************************************************
* PROBLEM DESCRIPTION: There is no way to disable Certificate  *
*                      Revocation (CRL checking).              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When ibmPKIX is chosen as a trust manager, WebSphere Application Server initializes ibmPKIX with predefined parameters. Therefore, even though the following properties are set, they are not honored:
name: com.ibm.security.enableCRLDP value: false
name: com.ibm.jsse2.checkRevocation value: false
Problem conclusion
In conjunction with JDK APAR fix IZ08065, this fix takes the following custom properties of the trust manager:
Name: com.ibm.security.enableCRLDP
Value: true/false. true is default.
Name: com.ibm.jsse2.checkRevocation
Value: true/false. true is default.
The fix for this APAR is currently targeted for inclusion in fixpack 6.1.0.15. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?uid=swg27004980
This also requires the JDK APAR fix IZ08065.
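Added example (not IBM code, not part of the original APAR): a small Python audit that reads the trustManagers entries of a security.xml and reports which of the two revocation properties are configured false on an IbmPKIX trust manager, applying the documented default of true when a property is absent. The sample XML, its root element and the shortened xmi:id values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Properties named on this page; both default to true when absent.
REVOCATION_PROPS = ("com.ibm.security.enableCRLDP", "com.ibm.jsse2.checkRevocation")

# Constructed sample: the page's two trust managers inside a made-up root element
# (the xmi namespace declaration is an assumption so the fragment parses alone).
SAMPLE = """<root xmlns:xmi="http://www.omg.org/XMI">
  <trustManagers xmi:id="TrustManager_1" name="IbmX509" provider="IBMJSSE2"
      algorithm="IbmX509"/>
  <trustManagers xmi:id="TrustManager_2" name="IbmPKIX" provider="IBMJSSE2"
      algorithm="IbmPKIX" trustManagerClass="">
    <additionalTrustManagerAttrs xmi:id="DescriptiveProperty_1"
        name="com.ibm.security.enableCRLDP" value="false" type="boolean"/>
  </trustManagers>
</root>"""


def revocation_settings(xml_text):
    """Return {trust manager name: {property: bool}} for IbmPKIX trust managers."""
    report = {}
    for tm in ET.fromstring(xml_text).iter("trustManagers"):
        if tm.get("algorithm") != "IbmPKIX":
            continue  # the two properties are custom properties of the PKIX trust manager
        settings = dict.fromkeys(REVOCATION_PROPS, True)  # documented default is true
        for attr in tm.iter("additionalTrustManagerAttrs"):
            if attr.get("name") in settings:
                value = attr.get("value", "true").strip().lower()
                settings[attr.get("name")] = (value == "true")
        report[tm.get("name")] = settings
    return report


def findings(xml_text):
    """List (trust manager, property) pairs where revocation checking is configured off."""
    return [(name, prop)
            for name, settings in revocation_settings(xml_text).items()
            for prop, enabled in settings.items() if not enabled]


if __name__ == "__main__":
    for name, prop in findings(SAMPLE):
        print(f"{name}: {prop} is configured false")
```

The script reports configured values only; on levels without this APAR fix and JDK APAR fix IZ08065, the trust manager is still initialized with revocation checking enabled regardless of what security.xml says.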
Temporary fix
A test fix was sent to the customer.
Comments
APAR Information
APAR number
PK56673
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
61A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-11-16
Closed date
2008-01-03
Last modified date
2008-01-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
SECURITY
Fix information
Fixed component name
WEBSPH APP SERV
Fixed component ID
5724J0800
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
Document Information
Modified date:
29 December 2021