IBM Support

PH33903: WHEN TO RUN ON IBM JAVA, AGENTS ONLY ENABLE TLSV1

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When using IBM Java an Agent only enables TLSv1 .
The agent logs something like:

2021-01-22 12:39:54,910 EST INFO  netty-pool-0
com.urbancode.air.agent.comm.AgentPublicKeyPinHandler - SSL
handshake complete: ch=41873737 local=/127.0.0.1:36868
remote=localhost/127.0.0.1:7919 proto=TLSv1
cipher=SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA peer ...

There may be other logging from the same agent that reports
higher TLS protocols.

Local fix

  • The workaround is to add the following to "worker-args.conf" in
agent/bin directory:
-Dcom.ibm.jsse2.overrideDefaultTLS=true

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* All end users on all supported browsers.                     *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* When using IBM Java an Agent only enables TLSv1 .            *
* The agent logs something like:                               *
*                                                              *
* 2021-01-22 12:39:54,910 EST INFO  netty-pool-0               *
* com.urbancode.air.agent.comm.AgentPublicKeyPinHandler - SSL  *
* handshake complete: ch=41873737 local=/127.0.0.1:36868       *
* remote=localhost/127.0.0.1:7919 proto=TLSv1                  *
* cipher=SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA peer ...           *
*                                                              *
* There may be other logging from the same agent that reports  *
* higher TLS protocols.                                        *
****************************************************************
* RECOMMENDATION:                                              *
* Fixed in version 7.1.2.0                                     *
****************************************************************

Problem conclusion

  • Fix is provided in IBM UrbanCode Deploy 7.1.2.0

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH33903
    • 

  • Reported component name
    UC DEPLOY
    • 

  • Reported component ID
    5725M5400
    • 

  • Reported release
    710
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-01-28
    • 

  • Closed date
    2021-02-16
    • 

  • Last modified date
    2021-05-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    UC DEPLOY
    • 

  • Fixed component ID
    5725M5400
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS4GSP","label":"IBM UrbanCode Deploy"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            05 May 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback