IBM Support

PI31777: DYNAMIC OUTBOUND ENDPOINT SSL CONFIGURATION IS NOT PICKED UP FORWEBSERVICES WHEN PROXY IS USED.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Customer has dynamic outbound endpoint SSL configuration to
    access a specific SSL endpoint accessed by their applications.
    Endpoint was accessed via a proxy, using JVM propertes
    https.proxyHost and https.proxyPort.
    When endpoint is accessed in the application using
    HttpsUrlConnection the correct SSL config is applied.
    When endpoint is accessed via JAX-WS the default cell SSL
    settings are applied.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  WebSphere Application Server users of       *
    *                  JAX-WS WebServices                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: The dynamic outbound endpoint SSL       *
    *                      configuration failed when proxy is      *
    *                      used to access the webservices          *
    *                      endpoint.                               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Application Server's webservices engine is organizing the
    connection information which will be used to match up the
    dynamic outbound endpoint SSL configuration from JSSE. For
    proxy case, the proxy host and port information are used
    in this connection information. Which caused
    the match up failed.
    

Problem conclusion

  • Application Server is modified to update the connection
    information for proxy case. The endpoint host and port
    information will be updated into the connection information.
    
    By default, this fix behavior is disabled.
    It can be enabled by setting following jvm custom property to
    true.
    com.ibm.ws.websvcs.dynamic.ssl.proxy
    
    
    APAR PI31777 is currently targeted for inclusion in Fix Packs
    8.0.0.14 and 8.5.5.6 of WebSphere Application Server.
    
    In addition, sysroute APAR PI78843 will provide the fix
    in WebSphere Allpication Server V7.0 Fix Pack 7.0.0.43.
    
    Please refer to the Recommended Updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    In addition, please refer to URL:
    http://www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack PTF information.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI31777

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-12-18

  • Closed date

    2015-03-04

  • Last modified date

    2017-03-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PI78843

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server for z/OS
General

Software version: 850

Reference #: PI31777

Modified date: 28 March 2017