IBM Support

IV68821: NEED TO STRIP LEADING ZEROS IN TLSPREMASTERSECRET OF DHKEYAGREEM ENT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: Intermitted bad_record_mac error happens when
using IBM Java 5 as client to perform SSL connection with the
server. This error leads to the SSL connection failure during
the handshake.
.
Stack Trace: N/A
.
DHKeyAgreement is used to generate TlsPreMasterSecret for SSL
connection. The SSL connection will fail if the PreMaster secret
generated happens to contain leading zeros.

Local fix

  • N/A

Problem summary

  • Need to strip leading zeros in TlsPremasterSecret of
DHKeyAgreement

Problem conclusion

  • The fix involves update in jsse150, ibmprovider5.0 and
pkcs115.0, hence ibmjsseprovider2.jar, ibmjceprovider.jar and
ibmpkcs11impl.jar need to be corequested.The associated RTC PR
is 82538The associated Austin CMVC defect is 116227The
associated Hursley CMVC defect is 202652The associated Austin
APAR is IV68360JVMs affected : Java 5.0The fix was delivered for
Java 5.0 SR16FP10The affected jars are "ibmjsseprovider2.jar",
"ibmjceprovider.jar" and "ibmpkcs11impl.jar"The build level for
affected jars is "20150107"
.
This APAR will be fixed in the following Java Releases:
   5.0  SR16 FP10 (5.0.16.10)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the Service
Refreshes and Fix Packs can be found at:
           https://www.ibm.com/developerworks/java/jdk/

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV68821
    • 

  • Reported component name
    JAVA 5 SECURITY
    • 

  • Reported component ID
    620500125
    • 

  • Reported release
    500
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2015-01-21
    • 

  • Closed date
    2015-01-21
    • 

  • Last modified date
    2015-01-21
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    JAVA 5 SECURITY
    • 

  • Fixed component ID
    620500125
    • 



Applicable component levels


    

  • R500  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 December 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback