000017930 - Socket leak in RSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000017930

Applies To:
Sun Solaris 2.8
Sun ONE Web Server 6.0
RSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0

Issue: Socket leak in RSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0
As the server/agent runs, sockets to the dispatcher port accumulate in the CLOSE_WAIT state, up to a maximum of the Solaris kernel's tcp_keepalive_interval (default 7,200,000 milliseconds, or 2 hours) divided by cleartrust.agent.auth_server_pool_refresh (default 1 hr). While the number of sockets in CLOSE_WAIT reaches a steady maximum, sockets bound to and from *.* in the IDLE state accumulate slowly, with no apparent maximum. Eventually, the process's allotment of file descriptors is exhausted and no more sockets can be opened.

Cause: This is a known issue with RSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0. It involves the SSL library and the Agent's failure to correctly close the sockets it opens to the dispatcher at regular intervals to refresh its list of available authorization servers.

Resolution: This issue has been resolved in a hot fix for RSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0. Contact RSA Security Customer Support to obtain hot fix 4.0.0.29, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).

Workaround: The RSA ClearTrust Agent's and the dispatcher's cleartrust.ssl.use parameter is set to either Anon or Auth.

Legacy Article ID: a30744
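The symptom described under Issue can be confirmed by comparing two `netstat -an` samples taken some hours apart. The script below is an added example, not RSA's code; the dispatcher port 5608, the addresses and both snapshots are constructed placeholders, and both intervals passed to the ceiling calculation are assumed to be in milliseconds.

```shell
#!/bin/sh
# Added example. Port 5608 and all addresses below are constructed placeholders.
DISPATCHER_PORT=5608

# Two constructed `netstat -an` excerpts in Solaris layout, hours apart.
snapshot_early() {
cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
      *.*                  *.*                0      0 24576      0 IDLE
      *.80                 *.*                0      0 24576      0 LISTEN
10.0.0.5.33012       10.0.0.9.5608        24820      0 24820      0 CLOSE_WAIT
10.0.0.5.80          10.0.0.77.51022      24820      0 24820      0 CLOSE_WAIT
EOF
}
snapshot_late() {
cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
      *.*                  *.*                0      0 24576      0 IDLE
      *.*                  *.*                0      0 24576      0 IDLE
      *.*                  *.*                0      0 24576      0 IDLE
      *.80                 *.*                0      0 24576      0 LISTEN
10.0.0.5.33012       10.0.0.9.5608        24820      0 24820      0 CLOSE_WAIT
10.0.0.5.34120       10.0.0.9.5608        24820      0 24820      0 CLOSE_WAIT
10.0.0.5.34977       10.0.0.9.5608        24820      0 24820      0 ESTABLISHED
EOF
}

# CLOSE_WAIT sockets whose remote address ends in ".<dispatcher port>".
count_close_wait() {
    awk -v p="$1" '$NF == "CLOSE_WAIT" && $2 ~ ("\\." p "$") { n++ } END { print n + 0 }'
}

# Unbound sockets: local and remote both *.* in IDLE state.
count_idle() {
    awk '$1 == "*.*" && $2 == "*.*" && $NF == "IDLE" { n++ } END { print n + 0 }'
}

# Ceiling from the article: tcp_keepalive_interval / pool refresh (same unit).
close_wait_ceiling() { echo $(( $1 / $2 )); }

# Leak signature: dispatcher CLOSE_WAIT present and IDLE count grew between
# samples. Args: early text, late text, port. Returns 0 when suspected.
leak_suspected() {
    cw=$(printf '%s\n' "$2" | count_close_wait "$3")
    grew=$(( $(printf '%s\n' "$2" | count_idle) - $(printf '%s\n' "$1" | count_idle) ))
    echo "close_wait=$cw idle_growth=$grew"
    [ "$cw" -gt 0 ] && [ "$grew" -gt 0 ]
}

leak_suspected "$(snapshot_early)" "$(snapshot_late)" "$DISPATCHER_PORT" && echo "leak suspected"
echo "expected CLOSE_WAIT ceiling: $(close_wait_ceiling 7200000 3600000)"
```

On a live server, replace the two snapshot functions with saved `netstat -an` output from the web server host and compare the IDLE count against the process's file descriptor limit.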
