VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ54953

⇱ IJ54953: HTTPS CHANNEL BINDING SUPPORT

IJ54953: HTTPS CHANNEL BINDING SUPPORT

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
.
Stack Trace: N/A
.

Local fix



Problem summary


    

  • Support has been added for TLS channel binding tokens for
 Negotiate/Kerberos authentication over HTTPS through
 javax.net.HttpsURLConnection.
 Channel binding tokens are increasingly required as
an enhanced form
 of security. They work by communicating from a
client to a server
 the client's understanding of the binding between
connection
 security, as represented by a TLS server cert, and
higher level
 authentication credentials, such as a username and
password. The
 server can then detect if the client has been fooled
by a MITM (Man
 In The Middle) and shutdown the session or
connection. The feature
 is controlled through a new system property
 `jdk.https.negotiate.cbt` which is described fully
in <OSB>Networking
 Properties

<CSB>(https://docs.oracle.com/javase/8/docs/api/java/net/doc-fil
es/net-properties.html).



Problem conclusion


    

  • A fix is made to IBMJGSS/ibmjgssprovider.jar
 The associated Hursley RTC Problem Report is 152568
 The associated Austin git issue IBMJGSS#122
 JVMs affected: Java 8
 The fix was delivered for Java 8SR8FP50 The affected
jar is "ibmjgssprovider.jar".
 The build level of this jar for the affected
releases is "build_20250523--441"
 A fix is made to JSSE/ibmjsseprovider2.jar
 The associated Hursley RTC Problem Report is 152568
 The associated Austin git issue IBMJGSS#356
 The fix was delivered for Java 8SR8FP50 The affected
jar is "ibmjsseprovider2.jar".
 The build level of this jar for the affected
releases is "build_20250527--455"

.
This APAR will be fixed in the following Releases:
.
IBM Semeru Runtimes
IBM SDK, Java Technology Edition
 8 SR8 FP50 (8.0.8.50)
.
Downloads and supplementary documentation can be found at the
following locations:
- For non z/OS operating systems:
 - IBM Semeru Runtimes, Version 11 and later
 https://www.ibm.com/semeru-runtimes/downloads/
 - IBM SDK, Java Technology Edition, Version 8
 https://www.ibm.com/support/pages/java-sdk-downloads/
- For the z/OS operating system:
 - Java SDK Products on z/OS
 https://www.ibm.com/support/pages/java-sdk-products-zos



Temporary fix


    



Comments


    



APAR Information




    

  • APAR number
    IJ54953
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-06-03
    • 

  • Closed date
    2025-06-05
    • 

  • Last modified date
    2025-06-05
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 06 June 2025