Function return codes
Table 1 lists the new and updated function return codes. See z/OS Cryptographic Services System SSL Programming for more detailed information.
Function code | Release | Description | Reason for change |
---|---|---|---|
6 | z/OS V2R2 | Changed: Key label is not found. | PKCS#12 certificate storage |
7 | z/OS V2R2 | Changed: No certificates available. | PKCS#12 certificate storage |
8 | z/OS V2R2 | Changed: Certificate validation error. | PKCS#12 certificate storage |
13 | z/OS® V1R13 | New: Size specified for supplied structure is too small. | Release update |
14 | z/OS V1R13 | New: Required gsk_all_cipher_suites structure not supplied. | Elliptic Curve Cryptography for TLS |
102 | z/OS V2R2 | Changed: Error detected while reading certificate database | PKCS#12 certificate storage |
202 | z/OS V2R2 | Changed: Error detected while opening the certificate database. | PKCS#12 certificate storage |
z/OS V2R1 | Changed: Error detected while opening the certificate database. | Documentation clarification | |
402 | z/OS V2R2 | Changed: No SSL cipher specifications. | Documentation clarification |
z/OS V2R1 | Changed: No SSL cipher specifications. | Documentation clarification | |
z/OS V1R13 | Changed: No SSL cipher specifications. | Documentation clarification | |
407 | z/OS V2R2 | Changed: Key label does not exist. | Documentation clarification |
z/OS V2R1 | Changed: Key label does not exist. | Documentation clarification | |
417 | z/OS V2R2 | Changed: Self-signed certificate cannot be validated. | Documentation clarification |
421 | z/OS V2R2 | Changed: SSL V2 cipher is not valid. | Documentation clarification |
422 | z/OS V2R2 | Changed: SSL V3 cipher is not valid. | Documentation clarification |
z/OS V1R13 | Changed: SSL V3 cipher is not valid. | Elliptic Curve Cryptography for TLS | |
428 | z/OS V1R13 | Changed: Key entry does not contain a private key. | Documentation clarification |
432 | z/OS V1R13 | Changed: Session renegotiation is not allowed. | Documentation clarification |
436 | z/OS V2R2 | Changed: Certificate revocation list cannot be found. | Documentation clarification |
440 | z/OS V2R2 | Changed: Incorrect key usage. | Documentation clarification |
z/OS V2R1 | Changed: Incorrect key usage. | gskkyman menu restructuring - updated menu titles | |
z/OS V1R13 | Changed: Incorrect key usage. | Elliptic Curve Cryptography for TLS | |
442 | z/OS V2R2 | Changed: Multiple certificates exist for label. | PKCS#12 certificate storage |
451 | z/OS V1R13 | New: Elliptic Curve is not supported. | Elliptic Curve Cryptography for TLS |
452 | z/OS V1R13 | New: EC Parameters not supplied. | Elliptic Curve Cryptography for TLS |
453 | z/OS V1R13 | New: Signature not supplied. | Elliptic Curve Cryptography for TLS |
454 | z/OS V1R13 | New: Elliptic curve parameters are not valid. | Elliptic Curve Cryptography for TLS |
455 | z/OS V2R1 | Changed: ICSF services are not available. | Documentation clarification |
z/OS V1R13 | New: ICSF services are not available. | Elliptic Curve Cryptography for TLS | |
456 | z/OS V1R13 | New: ICSF callable service returned an error. | Elliptic Curve Cryptography for TLS |
457 | z/OS V1R13 | New: ICSF PKCS #11 not operating in FIPS mode. | Elliptic Curve Cryptography for TLS |
458 | z/OS V1R13 | New: The SSL V3 expanded cipher is not valid. | Elliptic Curve Cryptography for TLS |
459 | z/OS V1R13 | New: Elliptic Curve is not supported in FIPS mode. | Elliptic Curve Cryptography for TLS |
461 | z/OS V1R13 | New: EC domain parameter format is not supported. | Elliptic Curve Cryptography for TLS |
462 | z/OS V1R13 | New: Elliptic curve point format is not supported. | Elliptic Curve Cryptography for TLS |
463 | z/OS V1R13 | New: Cryptographic hardware does not support service or algorithm. | Elliptic Curve Cryptography for TLS |
464 | z/OS V1R13 | New: Elliptic curve list is not valid. | Elliptic Curve Cryptography for TLS |
465 | z/OS V2R1 | New: ICSF PKCS #11 services are disabled. | FIPS 140-2 Support |
466 | z/OS V1R13 with APAR OA39422 | New: Signature algorithm pairs list is not valid. | TLS V1.2 |
467 | z/OS V1R13 with APAR OA39422 | New: Signature algorithm not in signature algorithm pairs list. | TLS V1.2 |
468 | z/OS V1R13 with APAR OA39422 | New: Certificate key algorithm not in signature algorithm pairs list. | TLS V1.2 |
469 | z/OS V2R1 | New: Incorrect key attribute. | Support for secure private keys in a PKCS #11 token |
470 | z/OS V2R1 | New: Certificate does not meet Suite B requirements. | Suite B for TLS |
471 | z/OS V2R1 | New: Secure private key cannot be used with a fixed ECDH key exchange. | Support for secure private keys in a PKCS #11 token |
472 | z/OS V2R1 | New: Clear key support not available because of ICSF key policy. | Release update |
473 | z/OS V2R2 | New: OCSP responder requires a signed request | Certificate revocation enhancement |
474 | z/OS V2R2 | New: HTTP response is not valid | Certificate revocation enhancement |
475 | z/OS V2R2 | New: OCSP response is not valid | Certificate revocation enhancement |
476 | z/OS V2R2 | New: Session ID entry does not exist | Client session resumption enhancement |
477 | z/OS V2R2 | New: Client session identifier does not match the server session identifier | Client session resumption enhancement |
478 | z/OS V2R2 | New: Client session cache attributes do not agree | Client session resumption enhancement |
479 | z/OS V2R2 | New: SID VALUE is not valid | Client session resumption enhancement |
480 | z/OS V2R2 | New: PEER ID is not valid | Client session resumption enhancement |
481 | z/OS V2R2 | New: OCSP request failed with internal responder error | Certificate revocation enhancement |
482 | z/OS V2R2 | New: OCSP response is expired | Certificate revocation enhancement |
483 | z/OS V2R2 | New: Error creating OCSP request | Certificate revocation enhancement |
484 | z/OS V2R2 | New: Maximum response size exceeded | Certificate revocation enhancement |
485 | z/OS V2R2 | New: HTTP server communication error | Certificate revocation enhancement |
486 | z/OS V2R2 | New: Nonce in OCSP response does not match value in OCSP request | Certificate revocation enhancement |
487 | z/OS V2R2 | New: OCSP response not received within configured time limit | Certificate revocation enhancement |
488 | z/OS V2R2 | New: Revocation information is not yet valid | Certificate revocation enhancement |
489 | z/OS V2R2 | New: HTTP server host name is not valid | Certificate revocation enhancement |
490 | z/OS V2R2 | New: PKCS #12 file content not valid | PKCS#12 certificate storage |
491 | z/OS V2R2 | New: Required basic constraints certificate extension is missing | Release update |
492 | z/OS V2R2 | New: Maximum number of locations allowed to be contacted during certificate validation has been reached | Certificate revocation enhancement |
493 | z/OS V2R2 | New: HTTP response not received within configured time limit | Certificate revocation enhancement |
494 | z/OS V2R2 | New: LDAP response not received within configured time limit | Certificate revocation enhancement |
495 | z/OS V2R2 | New: OCSP request failed with try later error | Certificate revocation enhancement |
601 | z/OS V1R13 with APAR OA39422 | Changed: Protocol is not SSL V3, TLS V1.0, TLS V1.1, or TLS V1.2. | TLS V1.2 |