PK52674: FAILED SSL HANDSHAKE MAY RESULT IN A SOCKET LEAK

 Fixes are available

6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for i5/OS
6.1.0.13 WebSphere Application Server V6.1 Fix Pack 13 for AIX
6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for AIX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for HP-UX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Windows
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Solaris
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Linux
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Solaris
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Linux
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server



APAR status
Closed as program error.

Error description
Under certain conditions, the SSL channel will leak a socket
file descriptor. The FFDC will record an entry id 507 from the
SSLQueuedHandshake class.

Stack Dump=javax.net.ssl.SSLException: Handshake terminated SSL
engine: CLOSED
  at com.ibm.ssl.channel.impl.
    SSLUtils.handleHandshake(SSLUtils.java:808)
  at com.ibm.ssl.channel.impl.
    SSLQueuedHandshake.run(SSLQueuedHandshake.java:81)
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V6.1 for z/OS using SSL channel.             *
****************************************************************
* PROBLEM DESCRIPTION: Under certain conditions, the SSL hand  *
*                      shake will fail and leak a socket. FFDC *
*                      shows the SSLQueuedHandshake class      *
*                      recording a "handshake terminated"      *
*                      exception.                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
In the control region, the SSL handshake work will attempt to
complete on non-ACRW threads. If this queued handshake event
receives an SSL handshake failure, then it is possible for the
queued handshake class to mishandle the error and not properly
close the socket at that point.
Problem conclusion
The queued handshake class will now properly notify the SSL
channel code of the handshake failure in this condition. The
handshake failure is then handled gracefully, according to the
individual scenario. The initial handshake of a socket will
result in the socket closure, while a renegotiation midstream
will hand the read or write IO failure back to the channel
user such as HTTP channel, or DCS channel, etc.

APAR PK52674 is currently targeted for inclusion in Service
Level (Fix Pack) 6.1.0.13 of WebSphere Application Server V6.1
for z/OS.
Temporary fix Comments
APAR information
APAR number PK52674
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 610
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2007-09-11
Closed date 2007-10-20
Last modified date 2007-12-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSN    UP
R601 PSN    UP
R610 PSY UK31212    UP07/11/22 P F711

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK52674.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 610
Software edition:
Reference #: PK52674
IBM Group: Software Group
Modified date: Dec 3, 2007