IBM Support

PK33253: SSL VIRTUALHOSTS UNABLE TO PERFORM SSLV3 HANDSHAKE WHEN KEYFILE DIRECTIVE HAS BEEN SPECIFIED WITH AN INVALID PARAMETER

Fixes are available

PK53584; 2.0.47.1: IBM HTTP Server 2.0.47 Cumulative Interim Fix
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Solaris
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for HP-UX
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Linux
PK65782; 2.0.47.1: IBM HTTP Server V2.0.47 Cumulative Interim Fix
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Windows
6.1.0.7 WebSphere Application Server V6.1 Fix Pack 7 for AIX
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for i5/OS
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • SSL VirtualHosts unable to perform SSLV3 handshake when KeyFile
    directive has been specified with an invalid parameter in the
    last VirtualHost occuring in httpd.conf
    

Local fix

Problem summary

  • mod_ibm_ssl uses a GSKit environment created for the last
    SSL-enabled virtual host in order to retrieve the default
    cipher list from the security library.
    Some types of configuration errors can prevent the last SSL-
    enabled virtual host from initializing properly, which
    prevents the default cipher list from being retrieved.
    An example of such a configuration error is when the
    KeyFile directive specifies an invalid filename.
    

Problem conclusion

  • If a configuration error prevents the last SSL-enabled
    virtual host from initializing, thus preventing security
    library defaults to be retrieved from that SSL environment,
    then the published security library default ciphers will be
    used instead when no SSLCipherSpec directives have been given.
    This change is targeted for
    6.1.0.7
    6.0.2.19
    Cumulative e-fix PK53584 for 2.0.47.1
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK33253

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    60A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2006-10-19

  • Closed date

    2007-01-18

  • Last modified date

    2007-10-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PK37205

Modules/Macros

  • IBMSSL
    

Fix information

  • Fixed component name

    IBM HTTP SERVER

  • Fixed component ID

    5724J0801

Applicable component levels

  • R60A PSN

       UP

  • R60H PSN

       UP

  • R60I PSN

       UP

  • R60P PSN

       UP

  • R60S PSN

       UP

  • R60W PSN

       UP

  • R60Z PSN

       UP

  • R61A PSN

       UP

  • R61H PSN

       UP

  • R61I PSN

       UP

  • R61P PSN

       UP

  • R61S PSN

       UP

  • R61W PSN

       UP

  • R61Z PSN

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022