IBM Support

IV61569: SASL DIGEST-MD5 CLIENT DOES NOT USE THE NEGOTIATED QOP SUPPORTED BY SERVER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: javax.security.sasl.SaslException: DIGEST-MD5:
server did not specify cipher to use for 'auth-conf'
.
Stack Trace: javax.security.sasl.SaslException: DIGEST-MD5:
server did not specify cipher to use for 'auth-conf'at
com.ibm.security.sasl.digest.DigestMD5Client.checkStrengthSuppor
t(DigestMD5Client.java:446)at
com.ibm.security.sasl.digest.DigestMD5Client.checkQopSupport(Dig
estMD5Client.java:420)at
com.ibm.security.sasl.digest.DigestMD5Client.evaluateChallenge(D
igestMD5Client.java:216)
.
This may happen when client requested QOP is different from the
server's

Local fix

  • Use the same QOP on client and server side.

Problem summary

  • When client requested and server supported QOP are different,
the client may not use the negotiated QOP

Problem conclusion

  • A fix is made to IBMSASL provider to use negotiated QOP, or
throw exception when there is no QOP match between client and
serverThe associated Hursley RTC Problem Report is 67848The
associated Hursley CMVC defect is 202278The associated Austin
CMVC defect is 115676The associated Austin APAR is IV61523JVMs
affected: Java 5.0, Java 6.0, Java 626, Java 7.0 and Java 727The
fix was delivered for Java 5.0 SR16FP7, Java 6.0 SR16FP1, Java
626 SR8FP1, Java 7.0 SR7FP1 and Java 727 SR1FP1The affected jar
is "ibmsaslprovider.jar".The build level of this jar for the
affected releases is "20140613"
.
This APAR will be fixed in the following Java Releases:
   7    SR7 FP1   (7.0.7.1)
   7 R1 SR1 FP1   (7.1.1.1)
   5.0  SR16 FP7  (5.0.16.7)
   6    SR16 FP1  (6.0.16.1)
   6 R1 SR8 FP1   (6.1.8.1)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, Java maintenance is available
from:
           https://www.ibm.com/developerworks/java/jdk/

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV61569
    • 

  • Reported component name
    JAVA 5 SECURITY
    • 

  • Reported component ID
    620500125
    • 

  • Reported release
    500
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2014-06-16
    • 

  • Closed date
    2014-06-23
    • 

  • Last modified date
    2014-06-23
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
IV61568
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    JAVA 5 SECURITY
    • 

  • Fixed component ID
    620500125
    • 



Applicable component levels


    

  • R500  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 December 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback