Sun Java System Web Server 7.0 Release Notes

Security

The following table lists the known issues in the security area of Web Server.

Table 15 Known Issues in Security

Problem ID 

Description 

6433752 

ssl-check is not working with NSAPI based plug-in.

PathCheck fn="ssl-check" secret-keysize=128 bong-file="xxxxx.yyy.html"

For static file requests, if the secret-keysize of the client is less than the size specified by the server and a bong file is present, then the bong file is sent back as the response. However, requests for dynamic content (for example, JSP files) return the actual requested object (for example, the JSP file) rather than the bong file.

6421617 

Problem having server-parsed HTML (ParseHTML) and .htaccess with restricted group option.

Authentication succeeds when parsing an HTML file that contains shtml include entries and is configured to authenticate through an .htaccess file with the "restricted by group" option enabled. If the user in the group is authenticated, the resulting page does not contain the shtml include entries. This works correctly when the .htaccess file uses the "restricted by user" option instead.


6376901 

Limitation supporting basic and digest-based ACLs for resources in the same directory.

If the server uses digest-based and basic-based ACLs in different parts of its document tree, using both simultaneously on different files or resources in the same directory is not possible.

6431287 

TLS_ECDH_RSA_* require the server cert signed with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* require the server to have an ECC key pair with a certificate signed using an RSA key. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about incorrect configurations related to these cipher suites, but currently it does not do so.

6467621 

Requests to the server fail when using the "Sun Software PKCS#11 softtoken".

Refer to the following documents for additional information on configuring the Web Server with Solaris 10 libpkcs11:

http://www.sun.com/bigadmin/features/articles/web_server_t1.html

http://www.sun.com/blueprints/browsedate.html#0306

6474584 

dayofweek does not take "*" as an option.

For example, set an ACL as follows:  

acl "uri=/"; 
deny (all) dayofweek="*"; 
allow (all) dayofweek="Sat,Sun";

This ACL is intended to restrict access on all days of the week except Saturday and Sunday. It does not work as intended: the resource can still be accessed successfully on a Monday.

Workaround

Set the ACL as follows to restrict access on Monday through Friday.

acl "uri=/";
deny (all) dayofweek="Mon,Tue,Wed,Thu,Fri";
allow (all) dayofweek="Sat,Sun";

This denies the request on a Monday. 

6489913 

SSL session cache cannot be disabled.

The session cache is enabled by default. When the session cache is disabled and a URL is accessed over HTTPS, the request fails and the server log displays an error message indicating that SSL cannot be configured without the session cache.

Workaround

Reduce the SSL cache size and expiration to the minimum supported values. 

6510486 

htaccess rules can become corrupted in memory.

If a single .htaccess file has more than five allow or deny rules, it is possible that some of the rules may become corrupted in memory. If this occurs, some of the rules may be bypassed.

Workaround

Limit a single .htaccess file to five rules or fewer.

Alternatively, use the ACL subsystem instead of .htaccess to control access to server resources. For information on setting up ACLs, see the Sun Java System Web Server 7.0 Administrator's Guide.
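The dayofweek limitation (6474584) and the .htaccess rule-count limit (6510486) can both be caught before deployment by a small configuration check. The following script is an added example, not part of the release notes or the Web Server product; it assumes the ACL rule syntax shown above and Apache-style "allow from" / "deny from" lines in .htaccess, and the sample ACL and .htaccess texts are constructed for illustration.

```python
import re

# Day abbreviations the dayofweek attribute accepts. "*" is not one of them
# (problem 6474584), and "Web" is an easy typo for "Wed" that silently never matches.
VALID_DAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}

# Matches an allow/deny rule that carries a dayofweek attribute, e.g.
#   deny (all) dayofweek="Mon,Tue,Wed,Thu,Fri";
ACL_RULE = re.compile(r'^\s*(allow|deny)\s*\([^)]*\)\s*dayofweek="([^"]*)"', re.MULTILINE)


def check_acl_dayofweek(acl_text):
    """Return (line_number, message) for every dayofweek value the server will
    not evaluate as the administrator intended."""
    findings = []
    for match in ACL_RULE.finditer(acl_text):
        line_no = acl_text.count("\n", 0, match.start()) + 1
        for day in match.group(2).split(","):
            day = day.strip()
            if day == "*":
                findings.append((line_no, "* is not supported; list the days explicitly"))
            elif day not in VALID_DAYS:
                findings.append((line_no, f"unknown day {day!r}"))
    return findings


def count_htaccess_rules(htaccess_text):
    """Count 'allow from' / 'deny from' rules in one .htaccess file; more than
    five risks the in-memory corruption described in problem 6510486, which can
    cause rules to be bypassed (assumed Apache-style syntax)."""
    return sum(1 for line in htaccess_text.splitlines()
               if re.match(r'^\s*(allow|deny)\s+from\b', line, re.IGNORECASE))


# Constructed sample inputs: the broken ACL from the release notes, the workaround
# with the "Web" typo, and an .htaccess file with six rules (192.0.2.0/24 is a
# documentation range).
BROKEN_ACL = 'acl "uri=/";\ndeny (all) dayofweek="*";\nallow (all) dayofweek="Sat,Sun";\n'
TYPO_ACL = 'acl "uri=/";\ndeny (all) dayofweek="Mon,Tue,Web,Thu,Fri";\nallow (all) dayofweek="Sat,Sun";\n'
SAMPLE_HTACCESS = ("order deny,allow\ndeny from all\nallow from 192.0.2.10\n"
                   "allow from 192.0.2.11\nallow from 192.0.2.12\n"
                   "allow from 192.0.2.13\nallow from 192.0.2.14\n")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN_ACL), ("typo", TYPO_ACL)):
        for line_no, msg in check_acl_dayofweek(text):
            print(f"{name} ACL line {line_no}: {msg}")
    rules = count_htaccess_rules(SAMPLE_HTACCESS)
    if rules > 5:
        print(f".htaccess has {rules} allow/deny rules; limit is 5 (see 6510486)")
```

A finding on the ACL side means the rule will not behave as written; a rule count above five means the .htaccess file should be split or replaced with ACLs.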