IBM Support

HTTPS advisor fails when SSLv3 is disabled on backend servers

Troubleshooting


Problem

The HTTPS advisor communicates by using SSLv3. If unavailable on the backend machines, the advisor reports a load of -1.

Symptom

Incorrect behavior

Cause

The https advisor establishes a secure connection to the backend servers by using the lowest supported protocol instead of the highest. If the backend server supports only higher protocols than the advisor, the connection fails.

Resolving The Problem

APAR PI30574 resolves this issue but the issue can also be resolved with configuration changes.

1) Java™ version 6 (J9 VM 2.6) SR 8 FP2 and Java™ version 6 SR16 FP2 disabled SSLv3 by default and the advisor uses TLSv1 instead of SSLv3.

2) The TLS advisor can be used instead of the https advisor. If configured the advisorrequest or advisorrequest fields are not configured, use the TLS advisor.

3) Custom advisors are attached which are compiled versions of the corrected https advisor packaged as a custom advisor.

Download LLB_https.zip for Load Balancer for IPv4.
Download  ULB_https.zip for Load Balancer for IPv4 and IPv6.

Extract the files in the servers/lib/CustomAdvisors directory. Change permission on the class files if necessary. Stop and restart the executor and dsserver. Replace the https advisor with starting the httptls advisor. On the graphical interface, enter httptls for the advisor name. In the port field, replace port 0 with the actual port number. 

These custom advisors were not tested on releases before v7. 

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Edge Component","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5.5;8.0;7.0","Edition":"Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 February 2020

UID

swg21691795