APAR status
Closed as program error.
Error description
With the following config: SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_CBC_SHA -TLS_RSA_WITH_AES_256_CBC_SHA SSLProtocolEnable TLSv1.2 SSLProtocolDisable SSLv2 SSLv3 TLSv1 TLSv1.1 SSLEnable TLS_RSA_WITH_AES_128_CBC_SHA will still be allowed.
Local fix
specify the ciphers specs you want to use in the config
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM HTTP Server on z/OS * **************************************************************** * PROBLEM DESCRIPTION: A specific "SLCipherSpec ALL - ..." * * has unexpected result of leaving * * cipher enabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** When exactly "SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_CBC_SHA -TLS_RSA_WITH_AES_256_CBC_SHA" is specified, default ciphers are used including the named ciphers.
Problem conclusion
Initialization order was modified so that ICSF status was reflected in the defaults during SSSLCipherSpec processing. This did not apply to 8.5. The fix for this APAR is targeted for inclusion in IBM HTTP Server fix packs 9.0.5.5. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH24557
Reported component name
WAS IHS ZOS
Reported component ID
5655I3510
Reported release
90P
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-04-17
Closed date
2020-07-09
Last modified date
2020-07-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WAS IHS ZOS
Fixed component ID
5655I3510
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"90P"}]
Document Information
Modified date:
14 December 2020