IBM Support

PH66379: Not able to configure Liberty 25.0.0.3 and 25.0.0.4 using Semeru JDK with FIPS 140-2


Abstract

Not able to configure Liberty 25.0.0.3 and 25.0.0.4 using Semeru JDK with FIPS 140-2.

Download Description

PH66379 resolves the following problem:

ERROR DESCRIPTION:
Administrators might not be able to use FIPS 140-2 with the Semeru JDK on 25.0.0.3 and 25.0.0.4 because the Liberty server thinks they are trying to run FIPS 140-3. Thus, when the administrator tries to run FIPS 140-2 with the Semeru JDK on 25.0.0.3 and 25.0.0.4, they see an error that their ltpa.keys file is missing com.ibm.websphere.ltpa.SharedKey, which should only be present in their ltpa.keys when running FIPS 140-3.
They will also see logs in their server saying that the server is using FIPS 140-3 instead of FIPS 140-2.

LOCAL FIX:

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application Server Liberty Core

PROBLEM DESCRIPTION:
Not able to configure Liberty 25.0.0.3 and 25.0.0.4 using Semeru JDK with FIPS 140-2.

RECOMMENDATION:
None

PROBLEM CONCLUSION:
The check for FIPS 140-3 enabled has been fixed, which should now return false when the FIPS level is set to 140-2.

Open Liberty GitHub issue:
https://github.com/OpenLiberty/open-liberty/issues/31347

The fix for this APAR is targeted for inclusion in fix pack 25.0.0.5. For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553

This fix supersedes (includes) the fixes for PH65944 and PH66115.

Prerequisites

None

Download Package

IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table.

A signature file is provided along with the interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages.

DOWNLOAD                       RELEASE DATE    SIZE (Bytes)    URL
25.0.0.3-WS-WLP-IFPH66379      08 May 2025     4782662         FC
25003-wlp-archive-IFPH66379    08 May 2025     4720919         FC
25.0.0.4-WS-WLP-IFPH66379      08 May 2025     1644580         FC
25004-wlp-archive-IFPH66379    08 May 2025     1583724         FC
Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.

Problems Solved

PH66379, PH65944, PH66115


Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide


Document Information

Modified date:
08 May 2025

UID

ibm17232627