APAR status
Closed as program error.
Error description
Error Message:
Description: The Server using SSLEngine sends an encrypted close_notify alert. If the peer does not respond with its close_notify, then a fatal alert of "javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?" is sent. This causes the SSLSession to be invalidated and therefore the SSLSession cannot be resumed.
Stack Trace:
4488 WebContainer : 5, called closeInbound()
4489 [27.06.11 13:15:58:906 CEST] 0000006d SystemOut O WebContainer : 5, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
4490 javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
Performance problem due to SSLSessions not being resumed.
Local fix
Problem summary
SSLSessions will not be invalidated and will be resumed when peer does not send its close_notify.
Problem conclusion
This defect will be fixed in: 6.0.0 SR10, 5.0.0 SR13, 6.0.1 SR1.
Since RFC 2246 is vague regarding whether the initiator of the close_notify needs to wait for the peer to send its close_notify, SSLEngine will ignore the fact that it has not received a close_notify and will just close the inbound connection without throwing an exception. This will allow SSLSessions to be resumed.
To obtain the fix: Install build 20110631 or later.
Temporary fix
Comments
APAR Information
APAR number
IV03508
Reported component name
SECURITY
Reported component ID
620700125
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-07-25
Closed date
2011-07-25
Last modified date
2011-07-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R600 PSY
UP
R260 PSY
UP
Document Information
Modified date:
07 December 2020