Fixes are available
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as new function.
Error description
Caching Proxy currently does not allow ECDHE ciphers to be set since CipherSpecs directives only accept short names for cipher specs. A new directive will be added to accept the full cipher spec names thus allowing ECDHE ciphers to be set.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM Caching Proxy SSL * **************************************************************** * PROBLEM DESCRIPTION: IBM Caching Proxy is not able to use * * ECDHE ciphers. * **************************************************************** * RECOMMENDATION: * **************************************************************** IBM Caching Proxy is not able to use ECDHE ciphers since the various CipherSpecs directives only accept short names for cipher specifications.
Problem conclusion
IBM Caching Proxy was updated to allow long names of cipher specifications to be used. This enables ECDHE ciphers to be configured in IBM Caching Proxy. Users that want to enable ECDHE ciphers should use the convert to the new directive: TLSExtendedCipherSpecs <TLSV10 | TLSV11 | TLSV12> cipher... Up to eight ciphers can be specified per TLSExtendedCipherSpecs directive. Multiple TLSExtendedCipherSpecs can be used if more than eight ciphers are needed. Please see the following link for more information on using the TLSExtendedCipherSpecs directive: https://publib.boulder.ibm.com/httpserv/ihsdiag/cp_questions.htm DH The fix for this is targeted for the following IBM Caching Proxy fixpacks: - 9.0.0.10 - 8.5.5.15
Temporary fix
Comments
APAR Information
APAR number
PH01138
Reported component name
WEBS CACH PROXY
Reported component ID
5724H8810
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-08-01
Closed date
2018-12-03
Last modified date
2022-09-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS CACH PROXY
Fixed component ID
5724H8810
Applicable component levels
Document Information
Modified date:
08 September 2022