IC88020: SSL PROXY PROFILE USED BY DATAPOWER WEB SERVICE PROXY TO IMPORT REMOTE SCHEMATA IS NOT CONFIGURABLE
Fixes are available
Closed as fixed if next.
XSD files located on a server not supporting RFC5746, secure renegotiation can not be retrieved by Datapower. Datapower always requires secure renegotiation to be supported. The SSL Proxy Profile controling this is not configurable.
There are several work arounds for this issue. 1) change the connection to backend server serving xsd files to HTTP 2) Enable RFC5746 support on the backend server 3) locate the xsd files local to the Datapower Appliance 4) Modify the Datapower appliance so that the connection to backend server is not directly accessed by the WSP configuration on Datapower. Modify the WSP configureation to connect through Datapower appliance first. For example the connection would be from the WSP to a Datapower front side handler for a MPGW. Configure the MPGW SSL proxy to allow connectivity to a insecure SSL server.
A new configurable SSL Proxy will be added to default domain and used for retrieving remote Schemata (instead "system-default"). By default it does not allow connections to insecure SSL servers and results in the same error logged as before, just with a different SSL Proxy name: yyymmddThhmmssZ [ssl][error] sslproxy(system-wsgw-management-loopback): tid(.....): SSL handshake aborted due to detection of insecure SSL server Setting "Allow connection to insecure SSL" to "On" for system-wsgw-management-loopback will allow Web Service Proxies to retrieve Schemata from an insecure SSL server.
Fix will be available in next major releases.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels