Fixes are available
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
SSLC0008E SSLHandshake exception after turning off TLSv1 protocol Configured SSL_TLSv2 in all SSL configuration and updated the java.security file to turn off TLSv1 protocol using property "jdk.tls.disabledAlgorithms=TLSv1" After that we are seeing the SSLHandshake exception. This is problem happens only with when you are using JDK1.7 SSLHandshakeE E SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLException: Received fatal alert: handshake_failure
Local fix
na
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server Version * * 8.5.5 users of the SSL Channel * **************************************************************** * PROBLEM DESCRIPTION: The SSL Channel might reset the * * SSLEngine to TLSv1.0 even if that * * protocol is disabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** If the SSL Channel resets the SSLEngine to its default value, the TLS protocol that will be set is TLSv1.0. An SSL Handshake Exception might occur if TLSv1.0 was set to be disabled. The following is an example of the exception: SSLHandshakeE E SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLException: Received fatal alert: handshake_failure at com.ibm.jsse2.j.a(j.java:24) at com.ibm.jsse2.an.a(an.java:392) at com.ibm.jsse2.an.a(an.java:415) at com.ibm.jsse2.an.j(an.java:152) at com.ibm.jsse2.an.b(an.java:528)
Problem conclusion
The SSL Channel was modified to correctly set the enabled protocol. The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.10. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI59509
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-21
Closed date
2016-04-28
Last modified date
2016-04-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
Document Information
Modified date:
28 April 2022