IC94877: DATAPOWER SSL SERVER INCORRECTLY REJECTS LARGE CLIENT_VERIFY MSG
Fixes are available
Closed as program error.
When DataPower is configured as an SSL server that requests client authentication, it might incorrectly reject certain large ClientVerify SSL handshake messages from the client. Specifically it might incorrectly reject any ClientVerify messages created with RSA keys larger than 4096 bits.
SSL handshakes where DataPower is the SSL server might fail if there is client authentication and the client's RSA key is larger than 4096 bits. For example 8192-bit RSA clients might not do client authentication successfully.
Fix is available in 22.214.171.124, 126.96.36.199, and 188.8.131.52. For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels