APAR status
Closed as program error.
Error description
Error Message: In JSSE2 build 20130109, new code was added to SignatureAndHashAlgorithm.java to call KeyLength.getKeySize() in order to retrieve the key size of a RSA private key. KeyLength.getKeySize() uses RSA key's getModulus() method. This works well for software RSA keys, but for JCECCA hardware RSA keys, the getModulus() method is not supported. . Stack Trace: javax.net.ssl.SSLException: java.lang.UnsupportedOperationException: Hardware error, function getModulus has no meaning in hardware HSServerH: client connection refused. javax.net.ssl.SSLException: Received fatal alert: internal_error javax.net.ssl.SSLException: Received fatal alert: internal_error at com.ibm.jsse2.Alerts.getSSLException(Alerts.java:203) at com.ibm.jsse2.Alerts.getSSLException(Alerts.java:149) at com.ibm.jsse2.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2122) at com.ibm.jsse2.SSLSocketImpl.readRecord(SSLSocketImpl.java:1199) at com.ibm.jsse2.SSLSocketImpl.performInitialHandshake(SSLSocketImp l.java:1453) at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:14 81) at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:14 64) at HSServerH.run(HSServerH.java:120) .
Local fix
Problem summary
Information in hardware crypto key is non-extractable, and KeyLength.getKeySize() code did not consider this situation.
Problem conclusion
This defect will be fixed in: 5.0.0 SR16FP1 6.0.0 SR13FP1 6.0.1 SR5FP1 7.0.0 SR4FP1 . Catch UnsupportedOperationException in KeyLength.getKeySize() and ignore it. The associated Austin CMVC defect 113547. The associated Hursley CMVC defect 196262. The fix was delivered for Java 5.0 SR16FP1, Java 6.0 SR13FP1, Java 6.26 SR5FP1, and Java 7.0 SR4FP1. The fix will be available in ibmjsseprovider2.jar (level 20130226).
Temporary fix
Comments
APAR Information
APAR number
IV38134
Reported component name
JAVA 5 SECURITY
Reported component ID
620500125
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-03-18
Closed date
2013-09-04
Last modified date
2013-09-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
IV38135 PM85869
Fix information
Fixed component name
JAVA 5 SECURITY
Fixed component ID
620500125
Applicable component levels
R500 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020