IBM Support

PH21804: SSL0212E WITH TLS1.3 WHEN SSLV3TIMEOUT EXPIRES

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • IHS captures the following error with TLS1.3 enabled
SSL0212E:
SSL Handshake Failed, Internal unknown error. Report problem to
service...

Local fix

  • Disable SSL Session reuse (session tickets) under TLS13:
SSLAttributeSet 4039 0

Problem summary

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server                                      *
****************************************************************
* PROBLEM DESCRIPTION: Handshakes fail with SSL0212E with      *
*                      TLS1.3 enabled.                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Handshakes fail with SSL0212E when a handshake is attempted
to be resumed after the SSLV3Timeout has expired, or SSL0200E
is logged with GSK_ERROR_ILLEGAL_PARAMETER.

Problem conclusion

  • GSKit was updated to 8.0.55.13 to resolve multiple TLS 1.3
issues:

- SSL0212E errors during TLSv13 session resumption
- SSL0200E error referencing GSK_ERROR_ILLEGAL_PARAMETER
(ECDSA certificate error)


The fix for this APAR is targeted for inclusion in fix packs
9.0.5.4.  For more information, see
'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?
rs=180&uid=swg27004980

Note: the same level of GSKit is provided in 8.5.5.18 and
later to pick up other cumulative GSKit fixes, even though the
particular symptom in this APAR is unreachable due to the
absence of TLS 1.3 in IHS 8.5.5.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH21804
    • 

  • Reported component name
    WEBS APP SERV N
    • 

  • Reported component ID
    5724H8800
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-02-05
    • 

  • Closed date
    2020-04-14
    • 

  • Last modified date
    2020-10-15
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM HTTP SERVER
    • 

  • Fixed component ID
    5724J0801
    • 



Applicable component levels


    

  • R900  PSY
       UP
    • 








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 September 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback