Fixes are available
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
PM06566; 6.1.0.29: The WS-Security runtime is experiencing processing problems w
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
The problem scenario is the following: web service client web service provider ------------------ -------------------- WAS JAX-WS target external web service --> forward --> web service client proxy endpoint When a JAX-WS web service client running in WebSphere Application Server v6.1 + Feature Pack for Web Services attempts to call a remote web service over HTTPS, the following exception is logged to SystemErr.log when the call is directed through an HTTP server configured as a forward proxy: [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.jsse2.n.a(n.java:39) [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.jsse2.n.a(n.java:14) [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.jsse2.qb.b(qb.java:153) [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.jsse2.qb.a(qb.java:394) [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.jsse2.qb.unwrap(qb.java:198) [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.ja va:795) [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyOutbound(SSLC onnectionLink.java:789) [11/6/08 20:40:29:313 GMT] 0000005a SystemErr R at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.connect(SSLConnect ionLink.java:983) A JSSE trace will show the following entries: [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O JSSE_NIO: ProtoSSLEngine, read record [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O [Raw read]: length = 5 [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O 0000: 3c 21 44 4f 43 ..DOC [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O JSSE_NIO: TP_http1 : 1, SEND TLSv1 ALERT: [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O fatal, description = unexpected_message [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O TP_http1 : 1, WRITE: TLSv1 Alert, length = 2 [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O [Raw write]: length = 7 [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O 0000: 15 03 01 00 02 02 0a ....... [10/30/08 18:51:56:893 GMT] 00000038 SystemOut O JSSE_NIO: unwrap() exception2:javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?2008-10-30 18:51:56,910 The error occurs because the JAX-WS web service client is attempting to perform an SSL handshake with the HTTP server forward proxy, instead of the actual target web service. When an HTTP server is configured as a forward proxy, HTTPS requests should be routed directly through the proxy and out to the actual target endpoint.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * Feature Pack for Web Services using a * * forward proxy with HTTPS. * **************************************************************** * PROBLEM DESCRIPTION: If a JAX-WS web service client uses a * * forward proxy with HTTPS, a * * SSLHandshakeException occurs. * **************************************************************** * RECOMMENDATION: Install a Fix Pack which includes this APAR.* **************************************************************** When a JAX-WS web service client attempts to call a remote web service over HTTPS a SSLHandshakeException occurs when the call is directed through an HTTP server configured as a forward proxy.
Problem conclusion
Tunneling was not being used in the web services transport layer for proxies. A JVM property has to be set to true to enable this new behavior. The JVM property is: com.ibm.ws.websvcs.transport.enableProxyTunnel This property is false by default. The fix for this APAR is currently targeted for inclusion in fixpack 6.1.0.25. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK77482
Reported component name
WEBSERVIC FEATU
Reported component ID
5724J0850
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-12-15
Closed date
2009-03-18
Last modified date
2009-03-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSERVIC FEATU
Fixed component ID
5724J0850
Applicable component levels
R610 PSY
UP
Document Information
Modified date:
29 December 2021