IBM Support

IC80143: LDAP CLIENT DOES NOT DO SSL CACHING (EVEN IF SSL PROXY PROFILE 'CLIENT-SIDE SESSION CACHING' IS SET TO "ON")

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as fixed if next.

Error description

  • DataPower's LDAP client does not do SSL caching; it uses a new
    key exchange for every connection.
    You can detect the problem if you configure an SSL proxy
    profile. Set DataPower as an SSL client and set Client-side
    Session Caching on. Then configure DataPower as an LDAP client
    by using this SSL proxy profile.
    If you initiate an LDAP connection from DataPower and capture
    packets between DataPower and LDAP server, note that every
    connection uses a new key exchange.
    

Local fix

Problem summary

  • Affected are users intending to take advantage of SSL caching
    using DataPower as an LDAP client.
    

Problem conclusion

  • The fix will be available in a future major release.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC80143

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    402

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-12-01

  • Closed date

    2012-01-06

  • Last modified date

    2012-07-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • R402 PSN

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 4.0.2

Reference #: IC80143

Modified date: 23 July 2012