PK52674: FAILED SSL HANDSHAKE MAY RESULT IN A SOCKET LEAK | |||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Under certain conditions, the SSL channel will leak a socket file descriptor. The FFDC will record an entry id 507 from the SSLQueuedHandshake class. Stack Dump=javax.net.ssl.SSLException: Handshake terminated SSL engine: CLOSED at com.ibm.ssl.channel.impl. SSLUtils.handleHandshake(SSLUtils.java:808) at com.ibm.ssl.channel.impl. SSLQueuedHandshake.run(SSLQueuedHandshake.java:81)Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V6.1 for z/OS using SSL channel. * **************************************************************** * PROBLEM DESCRIPTION: Under certain conditions, the SSL hand * * shake will fail and leak a socket. FFDC * * shows the SSLQueuedHandshake class * * recording a "handshake terminated" * * exception. * **************************************************************** * RECOMMENDATION: * **************************************************************** In the control region, the SSL handshake work will attempt to complete on non-ACRW threads. If this queued handshake event receives an SSL handshake failure, then it is possible for the queued handshake class to mishandle the error and not properly close the socket at that point.Problem conclusion The queued handshake class will now properly notify the SSL channel code of the handshake failure in this condition. The handshake failure is then handled gracefully, according to the individual scenario. The initial handshake of a socket will result in the socket closure, while a renegotiation midstream will hand the read or write IO failure back to the channel user such as HTTP channel, or DCS channel, etc. APAR PK52674 is currently targeted for inclusion in Service Level (Fix Pack) 6.1.0.13 of WebSphere Application Server V6.1 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros Publications Referenced
|
Document Information |
Current web document: swg1PK52674.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 610
Software edition:
Reference #: PK52674
IBM Group: Software Group
Modified date: Dec 3, 2007
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.