Fixes are available
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for AIX platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for HP-UX platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for Solaris platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for Windows platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for Linux platforms
APAR status
Closed as program error.
Error description
During an SSL handshake, if multiple SSL packets are read into the same byteBuffer, the SSL channel has a code path where data is overwritten. Test 1 http call Works as expected. Test 2 https (https://pds-rmasync.nis2.national.ncrs.nhs.uk/reliablemessaging /tms)call with no truststore or keystore in system properties (keytool)SOAP exception: javax.xml.soap.SOAPException: com.ibm.wsspi.channel.framework.exception.ChannelException: com.ibm.wsspi.channel.framework.exception.ChannelException: Invalid trust file name of null [05/05/05 09:02:22:675 BST] 000000b2 SystemOut O java.lang.NullPointerException at nhs.nhais.mhs.SOAPClient.send(SOAPClient.java:99) Test 3 https (https://pds-rmasync.nis2.national.ncrs.nhs.uk/reliablemessaging /tms)call with only truststore system property (keytool)SOAP exception: javax.xml.soap.SOAPException: com.ibm.wsspi.channel.framework.exception.ChannelException: com.ibm.wsspi.channel.framework.exception.ChannelException: No key store specified and no hardware crypto defined [05/05/05 09:04:07:175 BST] 000000b3 SystemOut O java.lang.NullPointerException Test 4 https call (https://pds-rmasync.nis2.national.ncrs.nhs.uk/reliablemessaging /tms) with truststore and keystore system property set using keytool generated keystores [05/05/05 09:07:28:084 BST] 000000cf WSChannelFram A CHFW0019I: The Transport Channel Service has started chain httpclient-https-chain:pds-rmasync.nis2.national.ncrs.nhs.uk:443 :/usr/ke ystore/nhsstore. [05/05/05 09:07:28:116 BST] 000000cf WSChannelFram A CHFW0019I: The Transport Channel Service has started chain httpclient-https-chain:pds-rmasync.nis2.national.ncrs.nhs.uk:443 :/usr/ke ystore/nhsstore. [05/05/05 09:09:26:713 BST] 00000015 TimeoutManage I WTRN0006W: Transaction 00000103ABE514EF0000000100000021140442B15C53BEB0E6551AB0D325A3DE AEB51248 00000103ABE514EF0000000100000021140442B15C53BEB0E6551AB0D325A3DE AEB51248 00000001 has timed out after 120 seconds. Test 5 Https call (https://nww.diabetes.nhsia.nhs.uk/)(no client authentication required).with trust store / keystore set using keytool about to send. [05/05/05 09:42:29:657 BST] 000000bd WSChannelFram A CHFW0019I: The Transport Channel Service has started chain httpclient-https-chain:nww.diabetes.nhsia.nhs.uk:443:/usr/keysto re/nhsstore. [05/05/05 09:42:29:664 BST] 000000bd WSChannelFram A CHFW0019I: The Transport Channel Service has started chain httpclient-https-chain:nww.diabetes.nhsia.nhs.uk:443:/usr/keysto re/nhsstore. [05/05/05 09:42:30:186 BST] 000000bd SystemOut O SOAP exception: javax.xml.soap.SOAPException: javax.net.ssl.SSLException: Handshake terminated SSL engine: CLOSED Test 6 https call (https://nww.diabetes.nhsia.nhs.uk/) (no client authentication required) with ikeyman generated keystore (keystore.jks)and truststore.jks [05/05/05 09:47:58:261 BST] 000000b4 SystemOut O about to send. [05/05/05 09:47:58:382 BST] 000000b4 WSChannelFram A CHFW0019I: The Transport Channel Service has started chain httpclient-https-chain:nww.diabetes.nhsia.nhs.uk:443:/usr/keysto re/keystore.jks. [05/05/05 09:47:58:391 BST] 000000b4 WSChannelFram A CHFW0019I: The Transport Channel Service has started chain httpclient-https-chain:nww.diabetes.nhsia.nhs.uk:443:/usr/keysto re/keystore.jks. [05/05/05 09:47:58:528 BST] 000000b4 SystemOut O SOAP exception: javax.xml.soap.SOAPException: java.lang.StringIndexOutOfBoundsException: String index out of range: -2 [05/05/05 09:47:58:529 BST] 000000b4 SystemOut O java.lang.NullPointerException at nhs.nhais.mhs.SOAPClient.send(SOAPClient.java:102) Expected result as this url does not host a web service and this line (102) refers to SOAPMessage.getSOAPBody()
Local fix
APAR required
Problem summary
**************************************************************** * USERS AFFECTED: WebSphere Application Server version 6 users * * of the SSL channel for outbound connections. * **************************************************************** * PROBLEM DESCRIPTION: If the SSL handshake involves multiple * * reads, then there is data corruption * * and the handshake fails, usually with * * a NullPointerException. * **************************************************************** * RECOMMENDATION: * **************************************************************** On secondary reads for handshake response data, the return information is overlapping with the first information read. This leads to errors in the JSSE engine, which then lead to errors in the SSL channel itself.
Problem conclusion
The buffer management has been fixed to handle multiple reads ocurring during the SSL handshake sequence. The fix for this APAR is currently targeted for inclusion in 6.0.2. Please refer to the recommended updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK05440
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
60I
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2005-05-09
Closed date
2005-06-15
Last modified date
2005-06-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
CHANNEL
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R60A PSY
UP
R60H PSY
UP
R60I PSY
UP
R60P PSY
UP
R60S PSY
UP
R60W PSY
UP
R60Z PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
19 October 2021