VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ54046

⇱ IJ54046: HTTPS CHANNEL BINDING SUPPORT

IJ54046: HTTPS CHANNEL BINDING SUPPORT

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
.
Stack Trace: N/A
.

Local fix



Problem summary


    

  • Support has been added for TLS channel binding tokens for
 Negotiate/Kerberos authentication over HTTPS through
 javax.net.HttpsURLConnection.
 Channel binding tokens are increasingly required as
an enhanced form
 of security. They work by communicating from a
client to a server
 the client's understanding of the binding between
connection security, as represented by a TLS server
cert, and
higher level
 authentication credentials, such as a username and
password. The
 server can then detect if the client has been fooled
by a MITM (Man
 In The Middle) and shutdown the session or
connection. The feature
 is controlled through a new system property
 `jdk.https.negotiate.cbt` which is described fully
in <OSB>Networking
 Properties

<CSB>(https://docs.oracle.com/javase/8/docs/api/java/net/doc-fil

es/net-properties.html).



Problem conclusion


    

  • A fix is made to IBMJGSS/ibmjgssprovider.jar The associated
Hursley RTC Problem Report is 152539 The associated
Austin
git issue
 IBMJGSS#109 JVMs affected: Java 8 The fix was
delivered for Java
 8SR8FP50 The affected jar is "ibmjgssprovider.jar".
The build level
 of this jar for the affected releases is
"build_20250321--385"

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
 8 SR8 FP50 (8.0.8.50)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
 - IBM Semeru Runtimes, Version 11 and later
 https://www.ibm.com/semeru-runtimes/downloads/
 - IBM SDK, Java Technology Edition, Version 8
 https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
 - Java SDK Products on z/OS
 https://www.ibm.com/support/pages/java-sdk-products-zos



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IJ54046
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-03-22
    • 

  • Closed date
    2025-03-25
    • 

  • Last modified date
    2025-04-22
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 22 April 2025