APAR status
Closed as program error.
Error description
IBMJSSE Defect: 83375
Starting with IBMJSSE (build: 20031016), presenting no client
certificate when the server requests client authentication
responds with fatal alert, illegal parameter as opposed to
warning alert, no certificate. New version of SSLite required.
In the IBMJSSE debug trace, it can be seen that the Server is
requesting the Client's certificate. This fails because a
client certificate does not exist in the client's keyStore.
Error Message:
>> serverCertificateRequest.
SSLContext: handleCertificate[Socket[addr=chissd84.il.nbgfn.com/
10.216.89.188,port=636,localport=59123]]
SSLContext: handleCertificate[Socket[addr=chissd84.il.nbgfn.com/
10.216.89.188,port=636,localport=59123]]
<< sendAlert.
Alert: fatal, illegal parameter
Local fix
This problem is resolved in IBMJSSE Build - 20040130
(Hursley Defect 68130)
Please contact IBM Java Security Support to obtain the latest
IBMJSSE.jar file.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have *
* enabled security *
****************************************************************
* PROBLEM DESCRIPTION: SSLHandshakeException with illegal *
* parameter error message *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Connection over SSL may fail. The error seen is
"SSLHandshakeException: illegal parameter".
Problem conclusion
This problem is resolved in IBM JSSE builds after 20040130.
Build 20040401 has been integrated into WebSphere.
Temporary fix Comments
APAR information |
APAR number |
PQ86261 |
Reported component name |
WAS NETWRK DEPL |
Reported component ID |
5630A3601 |
Reported release |
00S |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-03-17 |
Closed date |
2004-04-30 |
Last modified date |
2004-04-30 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|