The license agreement for this product refers you to this file for a list of "Eligible Support Entitlements" for this product. To the extent you have acquired an "Eligible Support Entitlement" for an earlier version of the Program, you may replace such earlier version with a copy of the Program and receive Program Services under the terms and conditions of the Eligible Support Entitlement for the Program (instead of the earlier version of the Program). The Eligible Support Entitlements for this product are:
On AIX, make sure that the xlC.rte 6.0 or higher runtime library (for example: xlC.rte.6.0.0.0) is installed before installing IBM HTTP Server V6.1. This runtime library is needed to install and use SSL with IBM HTTP Server V6.1 on AIX. You can install the runtime library from the AIX V5.2 or later CD.
IBM HTTP Server supports Update2 of HP-UX 11i v2, along with patch PHSS_30414. If you do not have these updates, IBM HTTP Server may fail to start and you will see the following message:
Jan 10 11:29:52 2005] [crit] (223)Operation not supported: make_sock: for address [::]:80, apr_socket_opt_set: (IPV6_V6ONLY) no listening sockets available, shutting down
The initial Solaris 10 AF_UNIX socket support has operational problems with IBM HTTP Server. This is corrected by a Solaris patch. The SPARC version of the required patch is 120664-01. The x64 version of the patch is 120665-01. This patch, or a later level, is required for IBM HTTP Server on Solaris 10.
The SSLFIPSEnable directive of mod_ibm_ssl enables a special FIPS 140-2 SSL processing mode. The FIPS implementation in GSKit undergoes a certification procedure in order to achieve FIPS compliance. The FIPS implementation in certain levels of GSKit on certain platforms has not completed certification.
In order to use SSLFIPSEnable with a GSKit FIPS implementation which has not completed certification, the ICC_IGNORE_FIPS environment variable must be set.
Unix and Linux platforms
Set the variable in ihsroot/bin/envvars, as
follows:
ICC_IGNORE_FIPS=yes export ICC_IGNORE_FIPS
Windows platform
Set the environment variable ICC_IGNORE_FIPS to yes
in the System Properties control panel.
If an uncertified GSKit FIPS implementation is used and SSLFIPSEnable is specified but the ICC_IGNORE_FIPS setting has been omitted, the following error will be written to the error log:
SSL0100S: GSK could not initialize, GSK_ERROR_FIPS_NOT_SUPPORTED
Here are GSKit versions distributed with IBM HTTP Server (including interim fixes) known to have this issue:
| Platform | GSKit levels |
|---|---|
| HP-UX/PA-RISC | 7.0.3.20, 7.0.3.27 |
| Solaris/x64 | 7.0.3.20, 7.0.3.27 |
- PK45328 SINGLE DES IS NO LONGER AN APPROVED FIPS-140 SECURITY FUNCTION - PK44663 Admin server segfault when pid file does not exist - PK45296 mod_ibm_ldap possible crash from uninitialized memory - PK44274 ProxyErrorOverride should not affect redirects
- PK39018 Restart sidd if it crashes or exits unexpectedly. - PK38839 Allow coredumps and other serviceability data for SIGFPE. - PK37809 Prevent 304 responses with empty bodies from being sent when mod_cache is doing cache validation. - PK37731 No client certificate prompt when multiple SSL vhosts configured. - LI4551 Add SSLAllowNonCriticalBasicConstraints directive to allow PKIX certificates with non-critical Basic Constraints extension. - LI4557 Fail startup if Afpa is configured on Windows Vista. Afpa is not supported on that platform.
- PK35675 mod_mem_cache crashes when used with client certificate authentication - PK34981 The IHS administrative console incorrectly reports the stop/start status of the IHS server - PK33253 SSL virtualhosts unable to perform SSLV3 handshake when keyfile directive has been specified with an invalid parameter
- PK34180 Fix incorrect 304 responses for objects which have expired from the cache - PK31460 Fix handling of non-200 success status codes when "ProxyErrorOverride On" is configured - PK33959 ikeyman variable substitution problem in 6.1 service packs resolved
- PK30837 Fix problems when LDAP is enabled in .htaccess files which could result in crashes or hangs, excessive memory growth, or excessive growth in number of connections to the LDAP server - PK29154 (CVE-2006-3747) mod_rewrite defect led to vulnerability on Windows - PK28359 Fix handshake failure with certain crypto cards, where the error message indicated that the specified label could not be found in the key file - PK28348 Fix problem with mod_cgid when using virtual hosts and ScriptSock directive
- PK21998 SSLProtocolDisable directive can disable specific protocols - PK24631 HTML-escape the value of the Expect header in the error response to a bad Expect value - PK24686 Fix missing path information in arg0 of CGI scripts spawned by mod_cgid - PK22995 Fix excessive forking in worker MPM if child process startup is slow. - mod_cache: Fix inconsistent results from requests which are implemented as subrequests. - PK25428 Periodic IHS admin seg faults on start/stop request from WAS console - allow diagnostic modules to track activity in log-transaction hook
There were no service updates to IBM HTTP Server V6.1 between 6.1 and 6.1.0.2.