PK32676: THE SSL ENCYPTION CIPHER TRIPLE DES IS NOT PICKED UP BY WEBSPHERE AFTER BEING EXPLICITLY SET THROUGH THE ADMINCONSOLE

 Fixes are available

6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for AIX platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for HP-UX platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for OS/400 platform
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Solaris
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Windows platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for AIX platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for HP-UX platforms
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for HP-UX platforms
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for AIX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for AIX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for HP-UX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Linux platforms
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Solaris
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Windows platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Linux platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Linux platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Solaris
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Windows platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for AIX platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for HP-UX platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Windows platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for OS/400 platform
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for HP-UX platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Linux platforms
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Windows platforms
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Solaris
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for OS/400 platform
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Linux platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for AIX platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Windows platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Solaris platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Solaris
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Linux platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for AIX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for HP-UX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for OS/400 platform
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Linux platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Solaris
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Windows platforms
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server



APAR status
Closed as program error.

Error description
The WebSphere administrative console gives the option to choose
a specific SSL encryption cipher for an SSL repertoire. One such
option is triple DES and this is represented by choosing:
.
SSL_RSA_WITH_3DES_EDE_CBC_SHA
.
Currently if this is chosen, WebSphere is not correctly setting
this to be the encryption cipher. This leads to a different
cipher to be used for encryption.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server v6.0.2          *
*                 customers.                                   *
****************************************************************
* PROBLEM DESCRIPTION: Cipher suites configured for SSL        *
*                      connections via the Administrative      *
*                      Console are saved properly but other    *
*                      ciphers not selected may also be        *
*                      permitted for use at runtime.           *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Even though a specific cipher suite (or suites) may be
configured for an SSL connection using the Administrative
Console, the server may allow use of other ciphers which are not
configured.  There is no error indicating that this has occurred
and can be verified only via tracing or browser inspection.
Problem conclusion
Code is modified to correctly activate the configured cipher
suite(s).

APAR PK32676 is currently targeted for inclusion in Service
Level (Fix Pack) 6.0.2.19 of WebSphere Application Server V6.0.1
for z/OS.
Temporary fix Comments
APAR information
APAR number PK32676
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 601
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2006-10-10
Closed date 2007-03-29
Last modified date 2007-06-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSN    UP
R601 PSY UK24272    UP07/05/02 P F705
R610 PSN    UP

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK32676.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 601
Software edition:
Reference #: PK32676
IBM Group: Software Group
Modified date: Jun 5, 2007