A fix is available
APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A .
Local fix
Problem summary
To mitigate the SSL POODLE vulnerability in the IBM JVM, SSLv3 ptotocol will be explicitly disabled via a system property that will be set by default. Even if the SSLv3 protocol is requested, JSSE will not allow its negotiation.
Problem conclusion
A fix is made to IBMJSSE2 provider:1. New property "com.ibm.jsse2.disableSSLv3= true <PIPE> false" was added to disable SSLv3. The default default is true.2. When SSLv3 is the only specified protocol, throw IllegalArgumentException.3. The "SSL" protocol label was updated to enable the following protocols:Java 5 and Java 6 - TLS 1.0Java 7Server - TLS1.0, TLS1.1 and TLS 1.2Client - TLS 1.0Java 8 - TLS 1.0, TLS 1.1 and TLS 1.2If the user turns off the system property to disable SSLv3 (-Dcom.ibm.jsse2.disableSSLv3=false), then SSLv3 will also be enabled plus the protocols listed above.The associated Hursley RTC Problem Report is 76936/77313/77639The associated Austin CMVC defect is 116040/116060/116061JVMs affected: Java 5.0, Java 6.0, Java 626, Java 7.0 and Java 727The fix was delivered for Java 5.0 SR16FP8, Java 6.0 SR16FP2, Java 626 SR8FP2, Java 7.0 SR8 and Java 727 SR2The affected jar is "ibmprovider2.jar".The build level of this jar for the affected releases is "20141024" . This APAR will be fixed in the following Java Releases: 7 SR8 (7.0.8.0) 7 R1 SR2 FP10 (7.1.2.10) 6 SR16 FP3 (6.0.16.3) 6 R1 SR8 FP2 (6.1.8.2) 5.0 SR16 FP8 (5.0.16.8) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV66111
Reported component name
JAVA 5 SECURITY
Reported component ID
620500125
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-10-20
Closed date
2014-11-05
Last modified date
2014-11-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA 5 SECURITY
Fixed component ID
620500125
Applicable component levels
R500 PSY
UP
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0"}]
Document Information
Modified date:
02 October 2021