IBM Support

PM76425: CUSTOM CIPHER SUITE LISTS FOR DAEMON NOT REPRESENTED IN ADMINSTRATIVE CONSOLE QUALITY OF PROTECTION (QOP) PANEL

Fixes are available

8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • A user Adds or Removes cipher suites from the QoP for an SSSL
    Repertoire and saves the changes.  The panel is found at:
    SSL certificate and key management > SSL configurations >
    <NODEName>/DefaultIIOPSSL > Quality of protection (QoP)
    
    Upon returning to the QoP panel, the cipher suite list does not
    show the changes previously saved, as if the save was not
    successful.  However, the was.env and security.xml have been
    updated with the changes.
    

Local fix

  • Manually alter/define
    com_ibm_DAEMON_claimSecurityCipherSuiteList in the Daemon's
    was.env
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of z/OS IBM WebSphere Application *
    *                  Server V7.0 and V8.0                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: Alteration to enabled cipher suite for  *
    *                      the DAEMON, through the adminconsole    *
    *                      do not occur successfully.              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    If a WebSphere Application Server z/OS customer logs into the
    adminconsole and attempts to alter the enabled cipher suites,
    these changes may or may not occur successfully.
    Here is the adminconsole breadcrumb trail:
    SSL certificate and key management > SSL configurations >
    <NODEName>/DefaultIIOPSSL > Quality of protection (QoP)
    The customer may notice that cipher suites they tried to
    enable, still show as disabled. Or cipher suites that show
    disabled, could be enabled.
    

Problem conclusion

  • Code has been changed to ensure that the high level cipher
    suite names displayed in the adminconsole will corresponed
    with underlying SSSL cipher suite selections.
    
    APAR PM76425 is currently targeted for inclusion in Fix Packs
    7.0.0.29, and 8.0.0.6 of WebSphere Application Server.
    
    Sysroute APAR PM80928 will be used to deliver this fix in
    WebSphere Application Server V6.1 Fix Pack 6.1.0.47.
    
    Please refer to URL:
    //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack availability.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM76425

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-02

  • Closed date

    2013-01-18

  • Last modified date

    2013-07-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PM80928

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R700 PSY UK94926

       UP13/06/20 P F306

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: WebSphere Application Server for z/OS
General

Software version: 7.0

Reference #: PM76425

Modified date: 03 July 2013