Function return codes
Table 1 lists the new and updated function return codes. See z/OS Cryptographic Services System SSL Programming for more detailed information.
| Function code | Release | Description | Reason for change |
|---|---|---|---|
| 6 | z/OS V2R2 | Changed: Key label is not found. | PKCS#12 certificate storage |
| 7 | z/OS V2R2 | Changed: No certificates available. | PKCS#12 certificate storage |
| 8 | z/OS V2R2 | Changed: Certificate validation error. | PKCS#12 certificate storage |
| 13 | z/OS® V1R13 | New: Size specified for supplied structure is too small. | Release update |
| 14 | z/OS V1R13 | New: Required gsk_all_cipher_suites structure not supplied. | Elliptic Curve Cryptography for TLS |
| 102 | z/OS V2R2 | Changed: Error detected while reading certificate database | PKCS#12 certificate storage |
| 202 | z/OS V2R2 | Changed: Error detected while opening the certificate database. | PKCS#12 certificate storage |
| z/OS V2R1 | Changed: Error detected while opening the certificate database. | Documentation clarification | |
| 402 | z/OS V2R2 | Changed: No SSL cipher specifications. | Documentation clarification |
| z/OS V2R1 | Changed: No SSL cipher specifications. | Documentation clarification | |
| z/OS V1R13 | Changed: No SSL cipher specifications. | Documentation clarification | |
| 407 | z/OS V2R2 | Changed: Key label does not exist. | Documentation clarification |
| z/OS V2R1 | Changed: Key label does not exist. | Documentation clarification | |
| 417 | z/OS V2R2 | Changed: Self-signed certificate cannot be validated. | Documentation clarification |
| 421 | z/OS V2R2 | Changed: SSL V2 cipher is not valid. | Documentation clarification |
| 422 | z/OS V2R2 | Changed: SSL V3 cipher is not valid. | Documentation clarification |
| z/OS V1R13 | Changed: SSL V3 cipher is not valid. | Elliptic Curve Cryptography for TLS | |
| 428 | z/OS V1R13 | Changed: Key entry does not contain a private key. | Documentation clarification |
| 432 | z/OS V1R13 | Changed: Session renegotiation is not allowed. | Documentation clarification |
| 436 | z/OS V2R2 | Changed: Certificate revocation list cannot be found. | Documentation clarification |
| 440 | z/OS V2R2 | Changed: Incorrect key usage. | Documentation clarification |
| z/OS V2R1 | Changed: Incorrect key usage. | gskkyman menu restructuring - updated menu titles | |
| z/OS V1R13 | Changed: Incorrect key usage. | Elliptic Curve Cryptography for TLS | |
| 442 | z/OS V2R2 | Changed: Multiple certificates exist for label. | PKCS#12 certificate storage |
| 451 | z/OS V1R13 | New: Elliptic Curve is not supported. | Elliptic Curve Cryptography for TLS |
| 452 | z/OS V1R13 | New: EC Parameters not supplied. | Elliptic Curve Cryptography for TLS |
| 453 | z/OS V1R13 | New: Signature not supplied. | Elliptic Curve Cryptography for TLS |
| 454 | z/OS V1R13 | New: Elliptic curve parameters are not valid. | Elliptic Curve Cryptography for TLS |
| 455 | z/OS V2R1 | Changed: ICSF services are not available. | Documentation clarification |
| z/OS V1R13 | New: ICSF services are not available. | Elliptic Curve Cryptography for TLS | |
| 456 | z/OS V1R13 | New: ICSF callable service returned an error. | Elliptic Curve Cryptography for TLS |
| 457 | z/OS V1R13 | New: ICSF PKCS #11 not operating in FIPS mode. | Elliptic Curve Cryptography for TLS |
| 458 | z/OS V1R13 | New: The SSL V3 expanded cipher is not valid. | Elliptic Curve Cryptography for TLS |
| 459 | z/OS V1R13 | New: Elliptic Curve is not supported in FIPS mode. | Elliptic Curve Cryptography for TLS |
| 461 | z/OS V1R13 | New: EC domain parameter format is not supported. | Elliptic Curve Cryptography for TLS |
| 462 | z/OS V1R13 | New: Elliptic curve point format is not supported. | Elliptic Curve Cryptography for TLS |
| 463 | z/OS V1R13 | New: Cryptographic hardware does not support service or algorithm. | Elliptic Curve Cryptography for TLS |
| 464 | z/OS V1R13 | New: Elliptic curve list is not valid. | Elliptic Curve Cryptography for TLS |
| 465 | z/OS V2R1 | New: ICSF PKCS #11 services are disabled. | FIPS 140-2 Support |
| 466 | z/OS V1R13 with APAR OA39422 | New: Signature algorithm pairs list is not valid. | TLS V1.2 |
| 467 | z/OS V1R13 with APAR OA39422 | New: Signature algorithm not in signature algorithm pairs list. | TLS V1.2 |
| 468 | z/OS V1R13 with APAR OA39422 | New: Certificate key algorithm not in signature algorithm pairs list. | TLS V1.2 |
| 469 | z/OS V2R1 | New: Incorrect key attribute. | Support for secure private keys in a PKCS #11 token |
| 470 | z/OS V2R1 | New: Certificate does not meet Suite B requirements. | Suite B for TLS |
| 471 | z/OS V2R1 | New: Secure private key cannot be used with a fixed ECDH key exchange. | Support for secure private keys in a PKCS #11 token |
| 472 | z/OS V2R1 | New: Clear key support not available because of ICSF key policy. | Release update |
| 473 | z/OS V2R2 | New: OCSP responder requires a signed request | Certificate revocation enhancement |
| 474 | z/OS V2R2 | New: HTTP response is not valid | Certificate revocation enhancement |
| 475 | z/OS V2R2 | New: OCSP response is not valid | Certificate revocation enhancement |
| 476 | z/OS V2R2 | New: Session ID entry does not exist | Client session resumption enhancement |
| 477 | z/OS V2R2 | New: Client session identifier does not match the server session identifier | Client session resumption enhancement |
| 478 | z/OS V2R2 | New: Client session cache attributes do not agree | Client session resumption enhancement |
| 479 | z/OS V2R2 | New: SID VALUE is not valid | Client session resumption enhancement |
| 480 | z/OS V2R2 | New: PEER ID is not valid | Client session resumption enhancement |
| 481 | z/OS V2R2 | New: OCSP request failed with internal responder error | Certificate revocation enhancement |
| 482 | z/OS V2R2 | New: OCSP response is expired | Certificate revocation enhancement |
| 483 | z/OS V2R2 | New: Error creating OCSP request | Certificate revocation enhancement |
| 484 | z/OS V2R2 | New: Maximum response size exceeded | Certificate revocation enhancement |
| 485 | z/OS V2R2 | New: HTTP server communication error | Certificate revocation enhancement |
| 486 | z/OS V2R2 | New: Nonce in OCSP response does not match value in OCSP request | Certificate revocation enhancement |
| 487 | z/OS V2R2 | New: OCSP response not received within configured time limit | Certificate revocation enhancement |
| 488 | z/OS V2R2 | New: Revocation information is not yet valid | Certificate revocation enhancement |
| 489 | z/OS V2R2 | New: HTTP server host name is not valid | Certificate revocation enhancement |
| 490 | z/OS V2R2 | New: PKCS #12 file content not valid | PKCS#12 certificate storage |
| 491 | z/OS V2R2 | New: Required basic constraints certificate extension is missing | Release update |
| 492 | z/OS V2R2 | New: Maximum number of locations allowed to be contacted during certificate validation has been reached | Certificate revocation enhancement |
| 493 | z/OS V2R2 | New: HTTP response not received within configured time limit | Certificate revocation enhancement |
| 494 | z/OS V2R2 | New: LDAP response not received within configured time limit | Certificate revocation enhancement |
| 495 | z/OS V2R2 | New: OCSP request failed with try later error | Certificate revocation enhancement |
| 601 | z/OS V1R13 with APAR OA39422 | Changed: Protocol is not SSL V3, TLS V1.0, TLS V1.1, or TLS V1.2. | TLS V1.2 |