APAR status
Closed as program error.
Error description
An option to disable SSL SNI is to be implemented as below 1. Option to disable SNI for a particular EG : mqsichangeproperties BRK -e EG -o ComIbmJVMManager -n allowSNI -v false 2. Option to disable SNI for bipbroker ( might need webadmin connects to an ldap server over ssl) : mqsichangeproperties BRK -b agent -o ComIbmJVMManager -n allowSNI -v false 3. Option to disable SNI for all EGs under the broker. mqsichangeproperties BRK -o BrokerRegistry -n allowSNI -v false Additional Symptom(s) Search Keyword(s):
Local fix
You can disable SNI by passing following jvm argument mqsichangeproperties -e -o ComIbmJVMManager -n jvmSystemProperty -v"-Djsse.enableSNIExtension=false"
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM integration Bus V9.0 and V10.0, and IBM App Connect Enterprise v11 using SSL outbound connections. Platforms affected: z/OS, MultiPlatform **************************************************************** PROBLEM DESCRIPTION: Server Name indication of SSL is enabled by default in IBM Integration Bus. The user does not have an option to disable SNI.
Problem conclusion
An optional property is implemented in IBM Integration Bus to switch off Server Name Indication. For example : 1. Disable Server Name Indication for Integration Node's outbound SSL connection(for eg: SSL to LDAP server configured for WebAdmin Security) mqsichangeproperties IBNODE -o ComIbmJVMManager -n allowSNI -v false 2. Disable Server Name Indication for Integration Server's outbound SSL connection ( for eg: SOAPRequest or HTTPRequest having https:// url) mqsichangeproperties IBNODE -e integrationServerName -o ComIbmJVMManager -n enableCRLDP -v true 3. Disable Server Name Indication for all Integration Servers of an Integration Node. mqsichangeproperties IBNODE -o BrokerRegistry -n crlFileList -v file_path --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.10 v11.0 11.0.0.1 v9.0 9.0.0.11 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT22500
Reported component name
INTEGRATION BUS
Reported component ID
5724J0530
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-09-22
Closed date
2018-08-01
Last modified date
2018-08-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INTEGRATION BUS
Fixed component ID
5724J0530
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 August 2018