IBM Support

PI44781: DYNAMIC OUTBOUND ENDPOINT SSL CONFIGURATION IS NOT PICKED UP BY WEBSERVICES WHEN PROXY IS USED.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Customer has dynamic outbound endpoint SSL configuration to
    access a specific SSL endpoint accessed by their applications.
    Endpoint was accessed via a proxy, using JVM propertes
    https.proxyHost and https.proxyPort.
    When endpoint is accessed in the application using
    HttpsUrlConnection the correct SSL config is applied.
    When endpoint is accessed via JAX-RPC the default cell SSL
    settings are applied.
    
    This is a similar problem to PI31777 which is for JAX-WS.  This
    APAR is for JAX-RPC
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  WebSphere Application Server users of JAX-  *
    *                  RPC WebServices                             *
    ****************************************************************
    * PROBLEM DESCRIPTION: The dynamic outbound endpoint SSL       *
    *                      configuration fails when proxy is       *
    *                      used to access the webservices          *
    *                      endpoint.                               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Application Server's webservices engine is organizing the
    connection information which will be used to match up the
    dynamic outbound endpoint SSL configuration from JSSE. For
    proxy case, the proxy host and port information are used
    in this connection information, which caused the match up to
    fail.
    

Problem conclusion

  • Application Server is modified to update the connection
    information for proxy case. The endpoint host and port
    information will be updated into the connection information.
    
    By default, this fix behavior is disabled.
    It can be enabled by setting following jvm custom property to
    true.
    com.ibm.ws.webservices.dynamic.ssl.proxy
    
    
    The following Knowledge Center topic describes how to set
    a JVM property:
    
    http://www-
    01.ibm.com/support/knowledgecenter/SSEQTP_8.5.5//com.ibm.websphe
    re.base.iseries.doc/ae/trun_jvm.html
    
    APAR PI44781 is currently targeted for inclusion in Fix Pack
    8.5.5.8 of WebSphere Application Server V8.5.
    
    Please refer to the Recommended Updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    In addition, please refer to URL:
    http://www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack PTF information.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI44781

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-07-13

  • Closed date

    2015-09-16

  • Last modified date

    2015-11-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PI44781

Modified date: 03 November 2015