PQ77489: IHS MOD_PROXY TRIES TO OPEN SSL BACKEND WHEN ONLY HTTP:// RULES DEFINED.

 A fix is available

PQ85834; 2.0.47,2.0.42,2.0.42.1,2.0.42.2: GSKit vulnerability and cumulative fix



APAR status
Closed as program error.

Error description
Using any ssl causes mod_proxy to attempt to open ssl connection
with the backend servers even if http:// is defined.
Local fix Problem summary
For each socket that is opened the SSL module
is invoked in order to set up for SSL, if it is enabled. The
need for SSL is determined by the configuration settings for the
active 'server' ( VirtualHost ). The error here occurs when the
proxy module opens a socket to the backend server. When this
occurs, the SSL module is called to check if SSL should be used
and based on the VirtualHost configuration it determines it is
needed and attempts to initialize SSL. This fails because the
SSL module is only capable of acting as an server in the SSL
environment, not as a client. In other words, the SSL module
can properly handle incoming connections using SSL but not
outgoing connections, such as to a backend server when
configured as a reverse proxy. Reverse Proxy using SSL is not
supported in this version of the IBM HTTP Server.
Problem conclusion
The SSL module has been updated to allow
interaction between the Proxy and SSL modules, which will allow
the proxy module to 'turn off' SSL for backend connections.
Temporary fix Comments
APAR information
APAR number PQ77489
Reported component name WAS HTTP SERVER
Reported component ID 5630A3603
Reported release 00A
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-08-14
Closed date 2003-10-01
Last modified date 2003-10-01

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
IBMSSL          

Publications Referenced

Fix information
Fixed component name WAS HTTP SERVER
Fixed component ID 5630A3603

Applicable component levels
R00A PSN    UP
R00H PSN    UP
R00I PSN    UP
R00S PSN    UP
R00W PSN    UP
R003 PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Runtime
Operating system(s):
Software version: 00A
Software edition:
Reference #: PQ77489
IBM Group: Software Group
Modified date: Oct 1, 2003