IV84952: CLASSCASTEXCEPTION IN JSSE DURING RENEGOTIATION
Closed as program error.
Error Message, as reported by customer: When trying to renegotiate a SSL connection to the server, a ClassCastException with message "com.ibm.jsse2.k incompatible with com.ibm.jsse2.l" is thrown and the client fails. Stack Trace, if applicable: java.lang.ClassCastException: com.ibm.jsse2.k incompatible with com.ibm.jsse2.l at com.ibm.jsse2.as.p(as.java:442) at com.ibm.jsse2.C.a(C.java:281) at com.ibm.jsse2.E.d(E.java:969) at com.ibm.jsse2.E.a(E.java:920) at com.ibm.jsse2.E.a(E.java:701) at com.ibm.jsse2.C.r(C.java:193) at com.ibm.jsse2.C.a(C.java:385) at com.ibm.jsse2.as.a(as.java:454) at com.ibm.jsse2.as.a(as.java:538) at com.ibm.jsse2.e.read(e.java:58) Other Error Information, as reported by customer: N/A
ClassCastException in JSSE during renegotiation ERROR DESCRIPTION: When trying to renegotiate a SSL connection to the server, a ClassCastException with message "com.ibm.jsse2.k incompatible with com.ibm.jsse2.l" is thrown and the client fails.
The issue will only happen when the client tries to RENEGOTIATE the connection with server and when the cipher suite used is an AES-GCM cipher suite. The problem is an Authenticator cannot be cast to a MAC in some cases. The fix is to add a check for the object type before casting. The associated RTC PR is 113472 The associated Austin CMVC defect is 117393 JVMs affected : Java 8.0 The fix was delivered for Java 8.0 sr3 fp10 The affected jar is "ibmjsseprovider2.jar". The build level of this jar for the affected releases is "20160603"
Reported component name
JAVA SECURE SOC
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
JAVA SECURE SOC
Fixed component ID
Applicable component levels