PQ77429: JSSE ignores ciphers in list after anonymous ciphers

APAR status
Closed as program error.

Error description
There is a defect in the 3/17 JSSE that causes ciphers in a list
after an anonymous cipher to be ignored.  The failure case is
using anonymous ciphers (you can see this by the "_anon_" in the
name).  This problem is resolved in the 7/7 JSSE.
Local fix
Remove anonymous ciphers from list in client application
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users       *
*                 who are using JSSE to make SSL connections   *
*                 with anonymous ciphers.                      *
****************************************************************
* PROBLEM DESCRIPTION: Anonymous ciphers in a list cause       *
*                      other ciphers to be ignored.            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Anonymous ciphers in a list cause other ciphers to be ignored.
This causes erroneous handshake failures when making SSL
connections.
It is important to note that IBM JSSE will not use anonymous
ciphers by design.  This APAR only addresses the problem of
other ciphers being ignored if anonymous ciphers are present.
Problem conclusion
This is resolved in the July 7, 2003 JSSE build (20030707)
which has been integrated into WebSphere.
Temporary fix
Already tested succesfully against:
WAS_Security_07-07-2003_4.0.6-4.0.5-4.0.4-4.0.3-4.0.2-
4.0.1_JSSE_cumulative_Fix.
Comments
APAR information
APAR number PQ77429
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-08-13
Closed date 2003-08-25
Last modified date 2003-08-25

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
Security          

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ77429
IBM Group: Software Group
Modified date: Aug 25, 2003