Sun Java System Application Server Enterprise Edition 8.2 Standalone Installer Release Notes

Security

This section describes known issues and associated solutions related to Application Server and web application security and certificates.

Bug ID	Summary
6183318	Cannot run `WebServiceSecurity` applications on Enterprise Edition with J2SE 5.0. `WebServiceSecurity` applications cannot run with J2SE 5.0 because: J2SE 5.0 PKCS11 does not support UNWRAP mode J2SE 5.0 PKCS11 does not support `RSA/ECB/OAEPWithSHA1AndMGF1Padding` with PKCS11 The J2SE team has filed "CR 6190389: Add support for the RSA-PKCS1 and RSA-OAEP wrap/unwrap mechanisms" for this bug. Solution Use J2SE 1.4.2 with any other JCE provider (not the one included by default). Note that hardware accelerator support will not be present in this configuration.
6269102	SSL termination is not working; when Load Balancer (Hardware) is configured for SSL termination, the Application Server changes the protocol from `https` to `http` during redirection. Solution Add a software load balancer between the hardware load balancer and the Application Server.

Bug ID

Summary

6183318

Cannot run WebServiceSecurity applications on Enterprise Edition with J2SE 5.0.

WebServiceSecurity applications cannot run with J2SE 5.0 because:

J2SE 5.0 PKCS11 does not support UNWRAP mode
J2SE 5.0 PKCS11 does not support RSA/ECB/OAEPWithSHA1AndMGF1Padding with PKCS11

The J2SE team has filed "CR 6190389: Add support for the RSA-PKCS1 and RSA-OAEP wrap/unwrap mechanisms" for this bug.

Solution

Use J2SE 1.4.2 with any other JCE provider (not the one included by default). Note that hardware accelerator support will not be present in this configuration.

6269102

SSL termination is not working; when Load Balancer (Hardware) is configured for SSL termination, the Application Server changes the protocol from https to http during redirection.

Solution

Add a software load balancer between the hardware load balancer and the Application Server.