Fixes are available
9.0.0.4: WebSphere Application Server traditional V9.0 Fix Pack 4
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
9.0.0.5: WebSphere Application Server traditional V9.0 Fix Pack 5
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
9.0.0.6: WebSphere Application Server traditional V9.0 Fix Pack 6
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11
APAR status
Closed as program error.
Error description
The SSLv2 and SSLv3 protocols were disabled with the introduction of the TLSOnly directive in Caching Proxy 8.5.5.5. As TLS protocols are also disabled by default, this resulted in no protocols being enabled by default when SSL is enabled.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM Caching Proxy * **************************************************************** * PROBLEM DESCRIPTION: Enable TLSv1.0 and TLSv1.1 by default * * on Caching Proxy when SSL is enabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** By default, all SSL and TLS protocols are disabled when SSLEnable is ON. Prior to Caching Proxy 8.5.5.5, SSLv3 was the only protocol enabled, but was disabled in fixpacks 8.5.5.5 later to prevent the POODLE attack.
Problem conclusion
IBM Caching Proxy now enables TLSv1.0 and TLSv1.1 by default when SSL is enabled. To enable the TLSv1.0 and TLSv1.1 protocols by default, the following changes were made: - TLSV1Enable default value was changed from 'OFF' to 'ON_TLSV10_TLSV11' - TLSVersion was modified to allow specific TLS protocols to be enabled. Valid values are TLSV10, TLSV11, TLSV12, and ALL. For example, TLSv1.1 and TLSv1.2 can be enabled with: TLSVersion TLSV11 TLSV12 - TLSVersion's default value was changed from 'ALL' to 'TLSV10 TLSV11' For backwards compatibility, TLSv1.2 will also still be enabled if TLSV1Enable is set to the previous enabled value 'ON'. The fix will be included in IBM Caching Proxy fixpacks: - 9.0.0.4 - 8.5.5.12 - 8.0.0.14
Temporary fix
Comments
APAR Information
APAR number
PI75968
Reported component name
WEBS CACH PROXY
Reported component ID
5724H8810
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-02-05
Closed date
2017-02-08
Last modified date
2017-11-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS CACH PROXY
Fixed component ID
5724H8810
Applicable component levels
R800 PSY
UP
R850 PSY
UP
R900 PSY
UP
Document Information
Modified date:
04 May 2022