APAR status
Closed as program error.
Error description
Error Message, as reported by customer: When trying to renegotiate a SSL connection to the server, a ClassCastException with message "com.ibm.jsse2.k incompatible with com.ibm.jsse2.l" is thrown and the client fails. Stack Trace, if applicable: java.lang.ClassCastException: com.ibm.jsse2.k incompatible with com.ibm.jsse2.l at com.ibm.jsse2.as.p(as.java:442) at com.ibm.jsse2.C.a(C.java:281) at com.ibm.jsse2.E.d(E.java:969) at com.ibm.jsse2.E.a(E.java:920) at com.ibm.jsse2.E.a(E.java:701) at com.ibm.jsse2.C.r(C.java:193) at com.ibm.jsse2.C.a(C.java:385) at com.ibm.jsse2.as.a(as.java:454) at com.ibm.jsse2.as.a(as.java:538) at com.ibm.jsse2.e.read(e.java:58) Other Error Information, as reported by customer: N/A
Local fix
N/A
Problem summary
ClassCastException in JSSE during renegotiation ERROR DESCRIPTION: When trying to renegotiate a SSL connection to the server, a ClassCastException with message "com.ibm.jsse2.k incompatible with com.ibm.jsse2.l" is thrown and the client fails.
Problem conclusion
The issue will only happen when the client tries to RENEGOTIATE the connection with server and when the cipher suite used is an AES-GCM cipher suite. The problem is an Authenticator cannot be cast to a MAC in some cases. The fix is to add a check for the object type before casting. The associated RTC PR is 113472 The associated Austin CMVC defect is 117393 JVMs affected : Java 8.0 The fix was delivered for Java 8.0 sr3 fp10 The affected jar is "ibmjsseprovider2.jar". The build level of this jar for the affected releases is "20160603"
Temporary fix
Comments
APAR Information
APAR number
IV84952
Reported component name
JAVA SECURE SOC
Reported component ID
TIVSECJSS
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-18
Closed date
2016-06-23
Last modified date
2016-06-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA SECURE SOC
Fixed component ID
TIVSECJSS
Applicable component levels
R100 PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL3Z","label":"JSSE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
23 June 2016