IJ05598: ADDED TLS SESSION HASH AND EXTENDED MASTER SECRET EXTENSION SUPPORT
Closed as program error.
Error Message: N/A . Stack Trace: N/A .
Support has been added for the TLS session hash and extended master secret extension (RFC 7627) in the IBMJSSEProvider2 provider.
Note that in general, server certificate change is restricted if endpoint identification is not enabled and the previous handshake is a session-resumption abbreviated initial handshake, unless the identities represented by both certificates can be regarded as the same. However, if the extension is enabled or negotiated, the server certificate changing restriction is not necessary and will be discarded accordingly. In case of compatibility issues, an application may disable negotiation of this extension by setting the System Property jdk.tls.useExtendedMasterSecret to false in the JDK. By setting the System Property jdk.tls.allowLegacyResumption to false, an application can reject abbreviated handshaking when the session hash and extended master secret extension is not negotiated. By setting the System Property jdk.tls.allowLegacyMasterSecret to false, an application can reject connections that do not support the session hash and extended master secret extension. . This APAR will be fixed in the following Java Releases: 8 SR5 FP10 (126.96.36.199) 7 SR10 FP20 (188.8.131.52) 7 R1 SR4 FP20 (184.108.40.206) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID