IV37331: SSLENGINE SHOULD THROW EXCEPTION WHEN KEY SIZE IS INVALID.
Closed as program error.
Error Message: When key size is invalid during key exchange for SSLEngine, exception should be thrown to notice client&server. Below is the information from the customer: >>>>>> Since SSLKeyException is a sub-class of IOException we would eventually handle it and print it out somewhere. However, in what I saw there would have been no SSLKeyException thrown. We are reading the status on the SSLEngine and doing as we are asked here: <OSB>1/29/13 12:25:29:631 EST<CSB> 00000041 SSLUtils 3 Get ready to decrypt data, netBuf: hc=2142338993 pos=0 lim=24576 cap=24576 In this case it's attempting to read for more data. Had an exception happened we wouldn't have gotten to this point. <<<<<< This issue can only be reproduced with restricted policy file. . Stack Trace: N/A .
When exception happens during handshake for SSLEngine, the exception message will be saved in member "thrown" in Handshaker class. "thrown" is a private Exception, and there is no public interface/method to access it. The only way to detect the exception it is to call wrap() or unwrap() from the application level.
This defect will be fixed in: 7.0.0 SR4FP1 6.0.1 SR5FP1 6.0.0 SR13FP1 5.0.0 SR16FP1 . Use fatalSE() to terminate the handshake when exception happens for SSLEngine. The associated Austin CMVC defect 113536. The associated Hursley CMVC defect 196264. The fix was delivered for Java 5.0 SR16FP1, Java 6.0 SR13FP1, Java 6.26 SR5FP1, and Java 7.0 SR4FP1. The fix will be available in ibmjsseprovider2.jar (level 20130221).
Reported component name
JAVA 5 SECURITY
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
JAVA 5 SECURITY
Fixed component ID
Applicable component levels