IBM Support

PI54960 - Provide mechanism to update java.security file algorithm properties

Technote (troubleshooting)


Problem(Abstract)

This interim fix programmatically updates the algorithm properties in the java.security file during SSL initialization, so that you do not have to update the java.security file for WebSphere Application Server manually. This interim fix (and future fix packs 8.5.5.10, 8.0.0.13, 7.0.0.41) has been designed so that, as other algorithm properties are updated to the default values by the IBM® SDK Java™ Technology Edition, they are automatically added to these disabledAlgorithm stanzas.

Resolving the problem

For the IBM WebSphere Application Server to programmatically update the java.security file:
For V8.5.0.0 through 8.5.5.8 Full Profile:

  • Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PI54960
--OR--
  • Apply Fix Pack 10 (8.5.5.10) or later.


For V8.0.0.0 through 8.0.0.12:
  • Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PI54960
--OR--
  • Apply Fix Pack 13 (8.0.0.13) or later.

For V7.0.0.0 through 7.0.0.39:
  • Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PI54960
--OR--
  • Apply Fix Pack 41 (7.0.0.41) or later.

In most situations this is all you will need to do. However, if you decide you want to change the algorithm set, there are properties available.

If, after you apply interim fix PI54960, you want to customize what the Application Server sets on these properties, you can do so by adding WebSphere security properties:

  com.ibm.websphere.tls.disabledAlgorithms=<your list>

  com.ibm.websphere.certpath.disabledAlgorithms=<your list>

If, after you apply interim fix PI54960, you do not want the Application Server to set these properties, you can set the WebSphere security properties:

  com.ibm.websphere.tls.disabledAlgorithms=none

  com.ibm.websphere.certpath.disabledAlgorithms=none


To set the WebSphere Application Server security properties:

You can change the settings in the administrative console: click Security > Global security > custom properties. Then click New to add the new custom property and its associated value.

--OR--

You can use the wsadmin scripting AdminTask object. The setAdminActiveSecuritySettings task can be used to set the security custom properties. For example:

 
AdminTask.setAdminActiveSecuritySettings('[-customProperties ["com.ibm.websphere.certpath.disabledAlgorithms=none"]]')
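To confirm what the java.security file contains after the update, the following check parses the file and reports policy entries missing from each disabled-algorithm list. It is an added example, not IBM code; it assumes the JDK property names jdk.tls.disabledAlgorithms and jdk.certpath.disabledAlgorithms (the technote does not name them), and the sample file content and the required-entry policy are constructed.

```python
import re

# JDK properties in java.security that hold the disabled-algorithm lists
# (assumption: the technote does not name them explicitly).
PROPS = ("jdk.tls.disabledAlgorithms", "jdk.certpath.disabledAlgorithms")

# Constructed sample file content, not taken from a real installation.
SAMPLE = """\
# constructed sample
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3
# a later definition of the same key replaces the earlier one
jdk.tls.disabledAlgorithms=SSLv3, RC4, \\
    DH keySize < 768
"""

# Hypothetical site policy: entries that must appear in each list.
REQUIRED = {
    "jdk.tls.disabledAlgorithms": ["SSLv3", "RC4", "MD5withRSA"],
    "jdk.certpath.disabledAlgorithms": ["MD2", "MD5"],
}


def parse_java_security(text):
    """Parse Java properties syntax: comments, continuations, last key wins."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:  # sentinel flushes a trailing continuation
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):  # logical line continues on the next one
            pending += line[:-1]
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", pending + line)
        pending = ""
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def missing_entries(text, required):
    """Return {property: [required entries absent]}; this example ignores case."""
    props = parse_java_security(text)
    norm = lambda entry: " ".join(entry.split()).lower()
    report = {}
    for name in PROPS:
        present = {norm(e) for e in props.get(name, "").split(",")}
        report[name] = [r for r in required.get(name, []) if norm(r) not in present]
    return report


if __name__ == "__main__":
    print(missing_entries(SAMPLE, REQUIRED))
```

Pass the text of the java.security file used by the server's SDK in place of SAMPLE; an empty list for a property means every required entry is present.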



Change History:
04 February 2016: original document published
13 September 2016: updated fix pack release dates


Cross reference information
Segment: Application Servers
Product: WebSphere Application Server Hypervisor Edition

Document information

More support for: WebSphere Application Server
General

Software version: 7.0, 8.0, 8.5, 8.5.5

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Software edition: Base, Developer, Express, Network Deployment

Reference #: 1975698

Modified date: 13 September 2016