Sun Java System Web Server 7.0 Update 1 Release Notes

Security

The following table lists the known issues in the security area of Web Server.

Table 12 Known Issues in Security

Problem ID 

Description 

6376901 

Limitation supporting basic and digest-based ACLs for resources in the same directory.

If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible. 

6431287 

TLS_ECDH_RSA_* require the server cert signed with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so.

6467621 

Request to the server fails with using of "Sun Software PKCS#11 softtoken".

Refer to the following documents for additional info on configuring the Web Server with Solaris 10 libpkcs11:

http://www.sun.com/bigadmin/features/articles/web_server_t1.html

http://www.sun.com/blueprints/browsedate.html#0306