IV49906: DHKEYAGREEMENT NEED STRIP LEADING ZEROS FOR TLSPREMASTERSECRET
Closed as program error.
Error Message: 1 out 256 SSL/TLS handshakes with DH/DHE cipher suites to fail (when the leading byte happens, by chance, to be zero). . Stack Trace: N/A . N/A
Disable DH cipher suites.
There is no check for leading zeros when generating keys to be used for pre_master_secret.
This defect will be fixed in: 7.0.0 SR6 6.0.1 SR7 6.0.0 SR15 . Avoid using keys that having leading zeros as pre_master_secret. The associated Austin CMVC defect is 113950. The associated Hursley CMVC defect is 200028. Platform affected: All platforms. JVMs affected: 6.0 7.0. Jars affected: ibmjceprovider.jar ibmpkcs11impl.jar. The fix will be available in 60_SR15, 626_SR7, 70_SR6. The build date is 20130906 for ibmjceprovider.jar and 20130913 for ibmpkcs11impl.jar.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels