IV03509: SSLSESSIONS INVALIDATED AND CANNOT BE RESUMED.
Closed as program error.
Error Message:
Description: The server using SSLEngine sends an encrypted close_notify alert. If the peer does not respond with its close_notify, then a fatal alert of javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? is sent. This causes the SSLSession to be invalidated and therefore the SSLSession cannot be resumed.

Stack Trace:
4488 WebContainer : 5, called closeInbound()
4489 [27.06.11 13:15:58:906 CEST] 0000006d SystemOut O WebContainer : 5, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
4490 javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

Performance problem due to SSLSessions not being resumed.
SSLSessions will not be invalidated and will be resumed when peer does not send its close_notify.
This defect will be fixed in:
6.0.0 SR10
5.0.0 SR13
6.0.1 SR1

Since RFC 2246 is vague regarding whether the initiator of the close_notify needs to wait for the peer to send its close_notify, SSLEngine will ignore the fact that it has not received a close_notify and will just close the inbound connection without throwing an exception. This will allow SSLSessions to be resumed.

To obtain the fix: Install build 20110631 or later
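To gauge how often a server hits this condition before the fix is installed, the trace signature quoted above can be counted per thread. This is an added example, not part of the APAR or IBM's code: the function name is hypothetical, the sample log lines are constructed on the pattern of the quoted trace, and it assumes SSL debug tracing is being written to the log as in that trace.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the trace lines quoted in this APAR.
SAMPLE_LOG = """\
[27.06.11 13:15:58:905 CEST] 0000006d SystemOut     O WebContainer : 5, called closeInbound()
[27.06.11 13:15:58:906 CEST] 0000006d SystemOut     O WebContainer : 5, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
[27.06.11 13:15:59:120 CEST] 0000006e SystemOut     O WebContainer : 6, called closeInbound()
[27.06.11 13:15:59:121 CEST] 0000006e SystemOut     O WebContainer : 6, called closeOutbound()
[27.06.11 13:16:02:440 CEST] 0000006d SystemOut     O WebContainer : 5, called closeInbound()
[27.06.11 13:16:02:441 CEST] 0000006d SystemOut     O WebContainer : 5, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
"""

# Optional "[timestamp]" prefix, then "<thread name> : <n>, <message>".
LINE = re.compile(
    r"(?:\[(?P<ts>[^\]]+)\].*?)?(?P<thread>\S+ : \d+), (?P<msg>.+)$"
)
FATAL = "fatal error: 80: Inbound closed before receiving peer's close_notify"


def find_missing_close_notify(log_text):
    """Return {thread: [timestamps]} for every closeInbound() call that is
    followed, as the next traced event on the same thread, by the fatal alert
    that invalidates the SSLSession."""
    pending = set()            # threads whose last traced event was closeInbound()
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if msg.startswith("called closeInbound()"):
            pending.add(thread)
        elif msg.startswith(FATAL) and thread in pending:
            hits[thread].append(m["ts"])   # ts is None if the line had no prefix
            pending.discard(thread)
        else:
            pending.discard(thread)        # some other event came in between
    return dict(hits)


if __name__ == "__main__":
    for thread, stamps in find_missing_close_notify(SAMPLE_LOG).items():
        print(f"{thread}: {len(stamps)} session(s) invalidated at {stamps}")
```

Each hit marks a connection whose SSLSession was invalidated, so the next connection from that peer requires a full handshake instead of a resumption.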
Reported component name
JAVA 5 SECURITY
Fixed component name
JAVA 5 SECURITY