OA10424: HOD: USING HOD 9 AND NETSCAPE 4.8 WITH TLS, SESSIONS DO NOT SUCCESSFULLY CONNECT.

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Host On-Demand V9
  __________________
  Using Host On-Demand 9.00 and 9.01 with Netscape 4.8 and TLS,
  sessions will not successfully connect to the host.
  The certificate is presented; however, the session remains
  unconnected with COMM 657 in the OIA.
  Transport traces show an End Of File response at the end of the
  negotiations.
  __________________
  Keywords:  TLS, Netscape 4.8, secure connection, COMM 657
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: Host On-Demand 9 users using Java 1 browsers *
  ****************************************************************
  * PROBLEM DESCRIPTION: Using Host On-Demand 9.00 and 9.01      *
  *                      with Netscape 4.x and Miscrosoft        *
  *                      Internet Explorer with the Microsoft    *
  *                      JVM, sessions will not successfully     *
  *                      connect to the host.                    *
  *                      The certificate is presented;           *
  *                      however, the session remains            *
  *                      unconnected with COMM657 in the OIA.    *
  *                      Transport traces show an End of File    *
  *                      response at the end of the negotiation. *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  Two problems were resolved.
  With Netscape 4.x and HOD 9 and 9.01, the client could not
  connect to a telnet server if the cipher used was
  SSL_RSA_WITH_3DES_EDE_CBC_SHA.
  The connection would never complete.  Other telnet servers
  using different ciphers worked.
  With the Microsoft JVM build 3810, the browser would close
  when an SSL connection was attempted.  If the JIT in the JVM
  was disabled, the problem did not occur.
  

Problem conclusion

• The source of both problems was the SSLight code.  For
  Netscape 4.x, a workaround was added to disable the cipher
  in the HOD code and use another cipher set.
  For the Microsoft Internet Explorer Java 1 problem, a new
  build of SSLight using a different java compiler was received
  and incorporated into the code.
  

Temporary fix

• ZE FIX ERROR OA12547 05/06/30
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Modules/Macros

• SSLIGHT
  

Fix information

Applicable component levels

• R700 PSN

     UP

• R800 PSN

     UP

• R900 PSY IP22862

     UP05/06/06 I 1000

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.