APAR status
Closed as program error.
Error description
Error Message: When key size is invalid during key exchange for SSLEngine, exception should be thrown to notice client&server. Below is the information from the customer: >>>>>> Since SSLKeyException is a sub-class of IOException we would eventually handle it and print it out somewhere. However, in what I saw there would have been no SSLKeyException thrown. We are reading the status on the SSLEngine and doing as we are asked here: <OSB>1/29/13 12:25:29:631 EST<CSB> 00000041 SSLUtils 3 Get ready to decrypt data, netBuf: hc=2142338993 pos=0 lim=24576 cap=24576 In this case it's attempting to read for more data. Had an exception happened we wouldn't have gotten to this point. <<<<<< This issue can only be reproduced with restricted policy file. . Stack Trace: N/A .
Local fix
Problem summary
When exception happens during handshake for SSLEngine, the exception message will be saved in member "thrown" in Handshaker class. "thrown" is a private Exception, and there is no public interface/method to access it. The only way to detect the exception it is to call wrap() or unwrap() from the application level.
Problem conclusion
This defect will be fixed in: 7.0.0 SR4FP1 6.0.1 SR5FP1 6.0.0 SR13FP1 5.0.0 SR16FP1 . Use fatalSE() to terminate the handshake when exception happens for SSLEngine. The associated Austin CMVC defect 113536. The associated Hursley CMVC defect 196264. The fix was delivered for Java 5.0 SR16FP1, Java 6.0 SR13FP1, Java 6.26 SR5FP1, and Java 7.0 SR4FP1. The fix will be available in ibmjsseprovider2.jar (level 20130221).
Temporary fix
Comments
APAR Information
APAR number
IV37330
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-02-27
Closed date
2013-03-11
Last modified date
2013-03-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020