Fix (APAR): WAS_Security_12-13-2003_5.0.2.3-5.0.2.2-5.0.2.1-5.0.2-5.0.1-5.0.0_JSSE_cumulative_Fix Status: Fix Release: 5.0.2.3,5.0.2.2,5.0.2.1,5.0.2,5.0.1,5.0.0 Operating System: All Supersedes Fixes: CMVC Defect: PQ89203 Byte size of APAR: 1595272 Date: 2004-02-03 Abstract: IBM JSSE build 20031213 Description/symptom of problem: This fix contains IBM JSSE 1.0.3 build 20031213. Specific WebSphere APARs are listed below. This only reflects issues reported by WebSphere customers, however, and is not a comprehensive list of defects resolved. PQ72445 WAS4.0.5 and WAS5, KeyManagerFactory can't get the KeyManager. In WAS4 + ptf3, the KeyManagerFactory can get KeyManagers successfully. But in WAS4 + ptf5 and WAS5, the KeyManagerFactory can't get KeyManagers. java.lang.ClassCastException: java.lang.Object at com.ibm.net.ssl.b.engineGetKeyManagers(Unknow Source) at com.ibm.net.ssl.KeyManagerFactory.getKeyManagers(Unknow Source) at Test.main(Test.java:21) PQ72443 PROBLEM WITH JSSE: WAS/LDAP SYSTEM HANGS DURING USER AUTHENTICATION USING SSL When customer has enabled WAS security with LDAP server via SSL, entering a valid username and an invalid password causes login to hang. Problem occurs only when using SSL. JSSE to be fixed for resolving issue. PQ77381 SSLHANDSHAKEEXCEPTION UNKNOWN CERTIFICATE ISSUED AFTER JSSE CUMULATIVE FIX DATED 3/17/2003 IS APPLIED After applying the WebSphere Security JSSE r2 Cumulative Interim Fix for V4.0.1 - V4.0.5, which uses ibmjsse.jar file dated 3/17/2003, the customer now gets the following errors in his application server stdout file when trying to display a document: Error opening Input Stream: javax.net.ssl.SSLHandshakeException: unknown certificate java.lang.NullPointerException The customer can bypass the error if he disables security. When the customer tested with ibmjsse.jar file dated 5/16/2003 and the newer version dated 6/6/2003, the problem went away. Therefore this APAR is to record the customer symptoms and request a WebSphere packaged fixed. Customer is running Sun Solaris V5.8 with WebSphere V4.0.4. PQ82093 Client authentication fails when using JSSE shipped with 07-07-2003 Cumulative Security Fix At WebSpehre 5.0.0, client authentication to a webserver fails using the IBM JSSE shipped with WAS_Security_07-07-2003_5.0.2-5.0.1-5.0.0_JSSE_cumulative_Fix.jar. If the SUN JSSE is used instead, the client authenticaton works. Directions to apply fix: NOTE: YOU MUST FIRST DOWNLOAD THE UPDATE INSTALLER TOOL IN ORDER TO INSTALL A FIX. The Fix Installer can be downloaded from the following link: http://www-3.ibm.com/software/webservers/appserv/support/index.html 1) Create temporary "fix" directory to store the jar file: UNIX: /tmp/WebSphere/fix Windows: c:\temp\WebSphere\fix 2) Copy jar file to the directory 3) Shutdown WebSphere 4) Follow the Fix installation instructions that are packaged with the Fix Installer on how to install the Fix. 5) Restart WebSphere 6) The temp directory may be removed. Directions to remove fix: NOTE: FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED. DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED. YOU MAY REAPPLY ANY REMOVED FIX. Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied. 1) Shutdown WebSphere 2) Follow the instructions that are packaged with the Fix Installer on how to uninstall the Fix. 3) Restart WebSphere Directions to re-apply fix: 1) Shutdown WebSphere 2) Follow the Fix instructions that are packaged with the Fix Installer on how to uninstall and reinstall the Fix. 3) Restart WebSphere Additional Information: