Fixes multiple JSSE problems in WebSphere Application
Server version 4.0.1, 4.0.2, 4.03, 4.0.4, 4.0.5, 4.0.6, 4.0.7
Download Description
List of problems identified by customers through PMRs and documented
through APARs. Problems not reported by customers are included in this
component cumulative fix, but not listed:
Contains IBM JSSE 1.0.3, build 20030707.
PQ72138 - WebSphere Application Server 4.0.5 and V5, KeyManagerFactory
can't get the KeyManager:
In WebSphere Application Server 4 with fix pack 3, the KeyManagerFactory
can get KeyManagers successfully. But in WebSphere Application Server 4
with fix pack 5 and WebSphere Application Server V5, the KeyManagerFactory
can't get KeyManagers:
java.lang.ClassCastException: java.lang.Object
at com.ibm.net.ssl.b.engineGetKeyManagers(Unknow Source)
at com.ibm.net.ssl.KeyManagerFactory.getKeyManagers(UnknownSource)
at Test.main(Test.java:21)
PQ70127 - Problem with JSSE: WebSphere Application Server/LDAP system
hangs during user authentication using SSL
When customer has enabled WebSphere Application Server security with LDAP
server via SSL, entering a valid username and an invalid password causes
login to hang. Problem occurs only when using SSL. JSSE to be fixed for
resolving issue.
PQ75151 - SSLHandshakeException unknown certificate issue after JSSE
cumulative fix dated 3/17/2003 is applied
After applying the WebSphere Security JSSE R2 component cumulative fix for
V4.0.1 through V4.0.5, which uses ibmjsse.jar file dated 3/17/2003, the
customer now gets the following errors in his application server stdout
file when trying to display a document:
Error opening Input Stream:
javax.net.ssl.SSLHandshakeException: unknown certificate
java.lang.NullPointerException
The customer can bypass the error by disabling security. When the customer
tested with ibmjsse.jar file dated 5/16/2003 and the newer version dated
6/6/2003, the problem went away. Therefore, this APAR is to record the
customer symptoms and request a WebSphere packaged fixed. Customer is
running Sun Solaris V5.8 with WebSphere V4.0.4.
The customer received this error when trying to establish an SSL
connection, using JSSE, to a server that utilizes a certificate with
X509v3 certificate extensions. The program running on the WebSphere
Application server is the "client". The customer receives the following
error:
Error: javax.net.ssl.SSLHandshakeException: unknown certificate
javax.net.ssl.SSLHandshakeException:unknown cerificate
at com.ibm.jsse.JSSESocket.install(Unknown Source)
at com.ibm.jsse.JSSESocket.startHandshake (Unknown Source)
at com.ibm.net.ssl.internal.www.protocol.https.n.e(UnknownSource)
This problem was fixed with the JSSE build dated 12/13/03.
SUPERCEDES FIXES: Any JSSE componet cumulative fix dated previous to 13
Jan 2003.
Prerequisites
WebSphere Application Server version 4.0.1, 4.0.2, 4.0.3, 4.0.4,
4.0.5, 4.0.6, 4.0.7.
Installation instructions
Please see the installation instructions in the readme.txt file.