IBM Support

IC94877: DATAPOWER SSL SERVER INCORRECTLY REJECTS LARGE CLIENT_VERIFY MSG

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When DataPower is configured as an SSL server that requests
    client authentication, it might incorrectly reject certain large
    ClientVerify SSL handshake messages from the client.
    
    Specifically it might incorrectly reject any ClientVerify
    messages created with RSA keys larger than 4096 bits.
    

Local fix

Problem summary

  • SSL handshakes where DataPower is the SSL server might fail if
    there is client authentication and the client's RSA key is
    larger than 4096 bits.  For example 8192-bit RSA clients might
    not do client authentication successfully.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IC94877

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    402

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-08-14

  • Closed date

    2013-08-15

  • Last modified date

    2014-01-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R402 PSY

       UP

  • R500 PSY

       UP

  • R600 PSY

       UP

  • R382 PSN

       UP

  • R401 PSN

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 4.0.2

Reference #: IC94877

Modified date: 08 January 2014