IBM Support

PM22533; 6.1.0.35: there is no way to specify a timeout in sslutils.buildsslsock

Download


Abstract

System management commands may hang in startHandshake() when security is enabled.

Download Description

PM22533 resolves the following problem:

ERROR DESCRIPTION:?
When the System Management JMXClient invokes SOAPConnector with security enabled, the Apache soap code creates a SSL socket, and then invokes startHandshake() method. The issue here is that SOAP client code doesn't set a socket timeout until after the startHandshake() method completes.

If there is a server which only accepts the SSL socket connection, but doesn't respond to SSL handshaking, the client code waits forever (the startHandshake() method never comes back unless the server closes the socket). This result in a hang.

LOCAL FIX:?
None

PROBLEM SUMMARY:?

USERS AFFECTED:
All administrators of IBM WebSphere Application Servers.

PROBLEM DESCRIPTION:
System management commands may hang in startHandshake() when security is enabled.

RECOMMENDATION:
Install a fix pack that contains this APAR.

If security is enabled, system management commands may hang when communticating between nodes. The hang occurs within the SSLUtils.startHandshake() method.

Sample stack:
"WebContainer : 4457" (TID:0x00000001279EF600,
sys_thread_t:0x00000001279E8470, state:R, native
ID:0x00000000006B70DB)
prio=5
at java/net/SocketInputStream.socketRead0(Native Method)
at
java/net/SocketInputStream.read(SocketInputStream.java:155(Compi
led Code))
at com/ibm/jsse2/a.a(a.java:19(Compiled Code))
at com/ibm/jsse2/a.a(a.java:103(Compiled Code))
at com/ibm/jsse2/jc.a(jc.java:42(Compiled Code))
at com/ibm/jsse2/jc.g(jc.java:17(Compiled Code))
at com/ibm/jsse2/jc.a(jc.java:165(Compiled Code))
at com/ibm/jsse2/jc.startHandshake(jc.java:35(Compiled
Code))
at
org/apache/soap/util/net/SSLUtils.buildSSLSocket(SSLUtils.java:2
85(Compiled Code))

PROBLEM CONCLUSION:?
A new socket timeout property is used to control the socket timeout while creating an SSL connection used by system management. This timeout value is now set on the socket prior to starting handshake negotiation.

The new JVM property is:
org.apache.soap.util.net.SSLUtils.buildSSLSocket.timeout
It is specified in milliseconds.
The default value is 600000 (10 minutes or 600 seconds)


The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.15. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?uid=swg27004980

Prerequisites

Please download the UpdateInstaller below to install this fix.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991"}]

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"9360","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM22533/readme.txt"}]
On
[{"DNLabel":"6.1.0.21-WS-WAS-IFPM22533","DNDate":"1/28/2011","DNLang":"US English","DNSize":"46696","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.21-WS-WAS-IFPM22533&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM22533/6.1.0.21-WS-WAS-IFPM22533.pak","DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PM22533/6.1.0.21-WS-WAS-IFPM22533.pak"}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/support/entry/portal/Overview/Software/WebSphere/WebSphere_Application_Server), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Web Services (for example: SOAP or UDDI or WSGW or WSIF)","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.1.0.21;6.1.0.23;6.1.0.25;6.1.0.27;6.1.0.29;6.1.0.31;6.1.0.33;6.1.0.35","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24029026

Page Feedback