APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A . High percentage of TLS sessions without id in the ClientHello (new sessions)
Local fix
Problem summary
A race in the code in SocketImpl for closing and reading from SSLSockets causes SSLSessions to be invalidated unnecessarily. The problem happens when one thread calls SSLSocketImpl.close() while another thread is in SSLSocketImpl.AppInputStream.read(). Do not invalidate SSLSession when an exception occurs due to concurrent read/close of SSLSockets.
Problem conclusion
Binary affected - ibmjsseprovider2.jar GIT Issue - #192 RTC - 146684 Build - 8.0 build_20211119--433 The fix was delivered for: Java 8.0 SR7 FP5 . This APAR will be fixed in the following Java Releases: 8 SR7 FP5 (8.0.7.5) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ36410
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-12-03
Closed date
2021-12-06
Last modified date
2021-12-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270"}]
Document Information
Modified date:
07 December 2021