Download
Abstract
System management commands may hang in startHandshake() when security is enabled.
Download Description
PM22533 resolves the following problem:
ERROR DESCRIPTION:?
When the System Management JMXClient invokes SOAPConnector with security enabled, the Apache soap code creates a SSL socket, and then invokes startHandshake() method. The issue here is that SOAP client code doesn't set a socket timeout until after the startHandshake() method completes.
If there is a server which only accepts the SSL socket connection, but doesn't respond to SSL handshaking, the client code waits forever (the startHandshake() method never comes back unless the server closes the socket). This result in a hang.
LOCAL FIX:?
None
PROBLEM SUMMARY:?
USERS AFFECTED:
All administrators of IBM WebSphere Application Servers.
PROBLEM DESCRIPTION:
System management commands may hang in startHandshake() when security is enabled.
RECOMMENDATION:
Install a fix pack that contains this APAR.
If security is enabled, system management commands may hang when communticating between nodes. The hang occurs within the SSLUtils.startHandshake() method.
Sample stack:
"WebContainer : 4457" (TID:0x00000001279EF600,
sys_thread_t:0x00000001279E8470, state:R, native
ID:0x00000000006B70DB)
prio=5
at java/net/SocketInputStream.socketRead0(Native Method)
at
java/net/SocketInputStream.read(SocketInputStream.java:155(Compi
led Code))
at com/ibm/jsse2/a.a(a.java:19(Compiled Code))
at com/ibm/jsse2/a.a(a.java:103(Compiled Code))
at com/ibm/jsse2/jc.a(jc.java:42(Compiled Code))
at com/ibm/jsse2/jc.g(jc.java:17(Compiled Code))
at com/ibm/jsse2/jc.a(jc.java:165(Compiled Code))
at com/ibm/jsse2/jc.startHandshake(jc.java:35(Compiled
Code))
at
org/apache/soap/util/net/SSLUtils.buildSSLSocket(SSLUtils.java:2
85(Compiled Code))
PROBLEM CONCLUSION:?
A new socket timeout property is used to control the socket timeout while creating an SSL connection used by system management. This timeout value is now set on the socket prior to starting handshake negotiation.
The new JVM property is:
org.apache.soap.util.net.SSLUtils.buildSSLSocket.timeout
It is specified in milliseconds.
The default value is 600000 (10 minutes or 600 seconds)
The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.15. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?uid=swg27004980
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/support/entry/portal/Overview/Software/WebSphere/WebSphere_Application_Server), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24029026