IBM Support

PI17564: CAN'T ENABLE SP800-131A AND FIPS CONCURRENTLY.

Fixes are available

8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • 1. Unnecessary warning message : "Invalid
    fipsLevel=FIPS140-2 is specified. Ignoring"" is printed in the
    log file.
    2. When WebSphere Application Server creates SSLContext, it
    uses default SecureRandom for the provider.  This APAR
    introduces a custom property to specify algorithm and provider
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server who enable FIPS (Federal             *
    *                  Information Processing Standard) or         *
    *                  NIST sp800-131a                             *
    ****************************************************************
    * PROBLEM DESCRIPTION: WebSphere application servers           *
    *                      code needs to be updated to work with   *
    *                      recent Java update                      *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    This apar updated the code as follows:
    1 Removed deprecated JVM property
    com.ibm.jsse2.usefipsprovider
    2. Removed unnecessary warning message "Invalid
    fipsLevel=FIPS140-2 is specified. Ignoring"
    This message was printed due to the application
    server using the deprecated JVM property above.
    3. Introduced following Security toplevel property that
    provides an option to specify algorithm and provider for
    SecureRandom provider. This SecureRandom is used when
    WebSphere creates SSLContext.
    JVM property:
    com.ibm.websphere.ssl.provider.customSecureRandom
    Value  :   "algorithm|provider" ("|" as delimiter)
    For example "SHA1PRNG|IBMJCE"
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI17564

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-05-08

  • Closed date

    2014-08-04

  • Last modified date

    2014-08-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PI17564

Modified date: 04 August 2014