Start of change If using RACF key rings, certificates that are marked as not trusted in the RACF database are not retrieved from the key ring. Ensure that the certificates needed to build the certificate’s trust chain are available. End of change

Start of change If using RACF key rings and the DIGTCERT and DIGTRING classes are RACLIST'ed, issue the SETROPTS RACLIST (DIGTCERT, DIGTRING) REFRESH command to refresh the profiles to ensure that the latest changes are available. End of change

Start of change If generic profiling checking was enabled for the DIGTCERT class when the certificate was created or added and its issuer's distinguished name contains any generic characters (*, & and %), a generic certificate profile was created. This generic profile processing may cause the certificate not to be read from the key ring. This certificate will need to be removed and added back after turning off generic profile checking for DIGTCERT class. The SEARCH CLASS(DIGTCERT) command can be used to determine if the certificate’s profile is generic. A (G) indicates generic. End of change

7 No certificates available.

Explanation

The key database, PKCS #12 file, SAF key ring, or z/OS PKCS #11 token does not contain any certificates, or the SSL client application does not have a certificate available when authentication is requested by the server.

User response

Check for available certificates and add the user certificate and any necessary certification authority certificates to the key database, SAF key ring, or z/OS PKCS #11 token if necessary.

If using a PKCS #12 file, ensure that the file contains the necessary certificates.

If using RACF key rings and the DIGTCERT and DIGTRING classes are RACLIST'ed, issue the SETROPTS RACLIST (DIGTCERT, DIGTRING) REFRESH command to refresh the profiles to ensure that the latest changes are available. Specify a certificate for the client application to use.

8 Certificate validation error.

Explanation

An error is detected while validating a certificate. This error can occur for the following reasons:

The root CA certificate is not found in the key database, PKCS #12 file, SAF key ring, or z/OS PKCS #11 token.
The certificate is not marked as a trusted certificate.
The certificate requires an algorithm or key size that is non-FIPS while executing in FIPS mode.
The certificate does not validate properly according to the specifications of RFCs 2459, 3280, 5280, or 5759. The validation mode is determined by the GSK_CERT_VALIDATION_MODE setting. RFC 5759 certificate validation is only done when GSK_SUITE_B_PROFILE is set to 128MIN or 192MIN which overrides the GSK_CERT_VALIDATION_MODE setting.
If TLS V1.3 is negotiated for a secure connection, certificate validation is done according to RFC 5280 unless the GSK_CERT_VALIDATION_MODE setting is explicitly specified.

User response

The following must be verified depending upon the error that is encountered:

Verify that the root CA certificate is in the key database, PKCS #12 file, SAF key ring, or z/OS PKCS#11 token and is marked as trusted.
Check all certificates in the certification chain and verify that they are trusted and are not expired.
If executing in FIPS mode, check that only FIPS algorithms and key sizes are used by the certificate. For more information, see System SSL and FIPS 140-2.
If using RACF key rings, certificates that are marked as not trusted in the RACF database are not retrieved from the key ring. Ensure that the certificates needed to build the certificate’s trust chain are available.
If using RACF key rings and the DIGTCERT and DIGTRING classes are RACLIST'ed, issue the SETROPTS RACLIST (DIGTCERT, DIGTRING) REFRESH command to refresh the profiles to ensure that the latest changes are available.
If generic profiling checking was enabled for the DIGTCERT class when the certificate was created or added and its issuer's distinguished name contains any generic characters (*, & and %), a generic certificate profile was created. This generic profile processing may cause the certificate not to be read from the key ring. This certificate will need to be removed and added back after turning off generic profile checking for DIGTCERT class. The SEARCH CLASS(DIGTCERT) command can be used to determine if the certificate’s profile is generic. A (G) indicates generic.
Verify the certificates in the peer certificate chain adhere to the RFC specifications of the certificate validation mode. The RFCs indicate the required and optional characteristics of the certificates. If GSK_SUITE_B_PROFILE is set to 128MIN or 192MIN, see Suite B cryptography support for more information.

Collect a System SSL trace that contains the error and then contact your service representative if the problem persists.

9 Cryptographic processing error.

Explanation

An error is detected by a cryptographic function. This error might also occur while running in FIPS mode when negotiating a secure connection in the following cases:

Using a non-FIPS key size.
Using a non-FIPS elliptic curve.
Using a triple DES cipher and the negotiated triple DES session key does not have three unique key parts.

User response

The client and server cipher specifications do not contain at least one value in common. Client and server cipher specifications might be limited depending on which System SSL FMIDs are installed. See Cipher suite definitions for more information. Server cipher specifications are dependent on the type of algorithms that are used by the server certificate (RSA, DSA, ECDSA, or Diffie-Hellman), which might limit the options available during cipher negotiation.
No SSL protocols are enabled or if all of the enabled protocols have empty cipher specifications or if the TLS protocol is not enabled while executing in FIPS mode.
A client supporting only SSL V2 has specified session ID cache reuse by specifying GSK_ENABLE_CLIENT_SET_PEERID set to ON or GSK_REQ_CACHED_SESSION set to ON. Session ID cache reuse is not supported with protocol SSL V2.
A server supporting only SSL V2 has specified session ID cache reuse through the GSK_SID_VALUE attribute.
Session ID cache reuse is not supported with protocol SSL V2.
Attempting to use a certificate with its ECC private key in the ICSF PKDS and only fixed ECDH ciphers are specified.
Using the TLS V1.1 or higher protocol and only the 40-bit export ciphers are specified.
Using TLS V1.2 and only 56-bit DES ciphers are specified.
Using TLS V1.2 and none of the server cipher specifications use key algorithms that are listed in the signature algorithms pairs sent by the client.
An attempt was made to use a certificate with its DH secure private key in the ICSF PKDS. Only clear private keys are supported.
An attempt was made to use a certificate with its ECC secure private key in the ICSF PKDS. Only clear private keys are supported.
Using Suite B mode and no required Suite B ciphers were specified.
Using protocol TLS V1.0, TLS V1.1, or TLS V1.2, any specified ephemeral elliptic curve (ECDHE) cipher suite is ignored if the client and server do not have a supported elliptic curve in common.
The server has selected TLS V1.3, but there are no TLS V1.3 cipher specifications specified.
The remote partner indicated a handshake failure which is a generic error that is encountered during the handshake. This can occur for various reasons such as (but not limited to) the following:
- The remote partner required the extended master secret extension, but it was not specified on this connection.
- The remote server partner's certificate chain contains a certificate using a signature algorithm pair that was not specified in either the GSK_TLS_CERT_SIG_ALG_PAIRS or GSK_TLS_SIG_ALG_PAIRS set by the client when attempting a TLS V1.2 or TLS V1.3 handshake.

User response

Ensure that the client and the server have at least one cipher specification and protocol in common. Verify that specified session identifier is correct, not expired, that the cache is large enough to hold the cached session entry, and that maximum connection has not been reached.

If an ephemeral elliptic curve (ECDHE) cipher is expected to be used, ensure that the client and server have a supported elliptic curve or group specification in common. The client provides its list of supported elliptic curves as part of the TLS handshake. If the server does not support at least one elliptic curve supported by the client, TLS_ECDHE cipher suites cannot be used. TLS_ECDHE_ECDSA cipher suites cannot be used if the server’s certificate does not match one of the client’s supported elliptic curves. A z/OS System SSL client specifies the list of supported elliptic curves through the GSK_CLIENT_ECURVE_LIST setting. An empty client list means all elliptic curves supported can be used. The FIPS setting may further restrict what elliptic curves can be used. A z/OS System SSL server specifies the list of supported elliptic curves through the GSK_SERVER_ALLOWED_KEX_ECURVES setting. See Table 5 for supported curves or groups. End of change

Start of change Ensure that the GSK_TLS_CERT_SIG_ALG_PAIRS or GSK_TLS_SIG_ALG_PAIRS setting is defined to include all of the signature algorithm pairs that are both supported by the local application and expected from the remote peer. End of change

403 No certificate received from partner.

Explanation

The required certificate was not received from the communication partner.

User response

Ensure that the remote application is sending the certificate. Collect a System SSL trace containing the error and then contact your service representative if the error persists.

405 Certificate format is not supported.

Explanation

The certificate received from the communication partner is not supported during the negotiated SSL or TLS protocol handshake.

User response

If an ECC certificate is received from the communication partner during a TLS V1.0, TLS V1.1, or TLS V1.2 handshake, the certificate's elliptic curve must be specified in the GSK_CLIENT_ECURVE_LIST environment variable or attribute type. Start of change System SSL does not support x25519 and x448 certificates. If the communication partner’s certificate is either x25519 or x448, a different certificate must be provided. End of change

If a TLS V1.3 handshake is attempted, DSA, Diffie-Hellman, and Start of change elliptic curve x25519 or x448 End of change certificates are not allowed to be received from the communication partner. There are limitations on the key type and sizes that are allowed for TLS V1.3. See gsk_secure_socket_init()'s usage section for more information. The communication partner will need to provide a different certificate. End of change

If the problem persists, collect a System SSL trace that contains a dump with the unsupported certificate and then contact your service representative.

406 Error while reading or writing data.

Explanation

An I/O error was reported while the System SSL run time was reading or writing data.

User response

Ensure that there are no network errors. Collect a System SSL trace containing the error and then contact your service representative if the error persists.

407 Key label does not exist.

Explanation

The supplied label or the default key is not found in the key database or the certificate is not trusted or the certificate uses algorithms or key sizes that are not supported while executing in FIPS mode. If using a PKCS #12 file as the certificate database, the label is either the certificate's friendly name or the subject's distinguished name.

User response

User response

Ensure that the application is authorized to access the file or facility.

For key database files, ensure that the application user ID has read access to the file.

For SAF key rings, ensure that the application user ID has appropriate permission to the SAF resource in either the FACILITY or RDATALIB class.

The user ID must have READ access to the IRR.DIGTCERT.LISTRING resource in the FACILITY class when using a SAF key ring owned by the user ID.
The user ID must have UPDATE access to the IRR.DIGTCERT.LISTRING resource in the FACILITY class when using a SAF key ring owned by another user ID, or
The user ID must have READ access to the ringOwner.ringname.LST resource in the RDATALIB class.

User response

Explanation

The key usage certificate extension does not permit the requested key operation. This error can occur if the key usage extension of a client or server certificate (if any) does not allow the appropriate key usage.

RSA server certificates using 40-bit export ciphers with a public key size greater than 512 bits must allow digital signature.
Diffie-Hellman server certificates using fixed Diffie-Hellman key exchange must allow key agreement.
Other RSA server certificates must allow key encipherment.
DSA server certificates using ephemeral Diffie-Hellman key exchange must allow digital signature.
Client certificates using fixed Diffie-Hellman key exchange must allow key agreement.
ECC client and server certificates using fixed EC Diffie-Hellman (ECDH) key exchange must allow key agreement.
Otherwise, client certificates must allow digital signature.

User response

Specify a certificate with the appropriate key usage.

If the gskkyman utility was used to create either the client (user) or server end-entity certificate, ensure that the appropriate option was selected from the Certificate Usage menu to create a client (user) or server certificate. The Certificate Usage menu consists of options for creating certificate authority and client (user) / server end-entity certificates.

441 Client certificate not received during TLS handshake

Explanation

The server requires the client to send its certificate during the TLS handshake, but a certificate was not received.

User response

Verify that the client has access to a valid certificate that can be sent to the server.

442 Multiple certificates exist for label.

Explanation

Access of certificate/key from label could not be resolved because multiple certificates/keys exist with the label.

User response

User response

Ensure the value that is supplied for Start of change

For a client application, the session identifier or a session ticket specified by GSK_PEER_ID does not exist or has expired. If a client application has set GSK_REQ_CACHE_SESSION to ON, the required cached session entry could not be located. For a client application, the maximum number of SSL environment connections has been reached by a client application so new GSK_PEER_IDs cannot be stored in the session cache.

For a server application, the session identifier specified by GSK_SID_VALUE does not exist or has expired. If a server application has set GSK_SID_VALUE, the required cached session entry could not be located when the session is using an SSL V3 through TLS V1.2 handshake or the session ticket sent by the client does not contain the correct session identifier while attempting a TLS V1.3 handshake resumption.

User response

Verify that the specified session identifier is correct, is not expired, the cache is large enough to hold the cached session entry, and the maximum client connections has not been reached.

477 Client SID does not match server SID

Explanation

For SSL V3 through TLS V1.2 handshakes, the server failed the connection request because the session identifier provided by the client through the client hello does not match the server GSK_SID_VALUE that was specified by gsk_attribute_set_buffer().

For TLS V1.3 handshakes, the server failed the connection request for one of the following reasons:

The session or ticket identifier in the session ticket through the client hello does not match the server GSK_SID_VALUE that was specified by gsk_attribute_set_buffer().
A session ticket was not sent from the client.
If sysplex session ticket caching is not enabled (GSK_SYSPLEX_SESSION_TICKET_CACHE option is set to OFF), the server is unable to decrypt the session ticket because the encryption key is not available.
The session ticket is expired.

User response

Verify that the specified session identifier is correct.

If attempting to resume a TLS V1.3 connection, ensure that the GSK_SESSION_TICKET_SERVER_TIMEOUT and GSK_SESSION_TICKET_SERVER_KEY_REFRESH settings are appropriate to allow for the session ticket sent from the client to be used. Start of change The GSK_SESSION_TICKET_SERVER_KEY_REFRESH setting is only relevant when sysplex session ticket caching is not enabled and GSK_SESSION_TICKET_SERVER_ENABLE is set to ON. End of change If the session ticket is expired or the key used to encrypt the session ticket is not available, session reuse will fail.

478 Client session cache attributes do not agree

Explanation

Client application attributes GSK_ENABLE_CLIENT_SET_PEERID, GSK_REQ_CACHED_SESSION, GSK_V3_SIDCACHE_SIZE, GSK_V3_SESSION_TIMEOUT, and GSK_SESSION_TICKET_CLIENT_ENABLE conflict.

User response

Verify that the settings for GSK_ENABLE_CLIENT_SET_PEERID, GSK_REQ_CACHED_SESSION, GSK_V3_SIDCACHE_SIZE, GSK_V3_SESSION_TIMEOUT, and GSK_SESSION_TICKET_CLIENT_ENABLE are in agreement.

Attribute conflicts may cause the application to not behave as desired and may result in handshake failures. SID cache reuse requires that the cache be defined and active.

One or more of the following conflicts may need to be corrected:

A client application has set GSK_ENABLE_CLIENT_SET_PEERID to OFF and GSK_REQ_CACHED_SESSION to ON.
A client application has set GSK_ENABLE_CLIENT_SET_PEERID to ON and attributes GSK_V3_SIDCACHE_SIZE or GSK_V3_SESSION_TIMEOUT to zero.
A client application has set GSK_ENABLE_CLIENT_SET_PEERID to ON and attribute GSK_SESSION_TICKET_CLIENT_ENABLE to OFF when the connection handle is enabled for TLS V1.3.

Collect a System SSL trace containing the error and then contact your service representative if the error persists.

484 Maximum response size exceeded

Explanation

When attempting to retrieve revocation information, the HTTP response exceeded the maximum configured response size for either an OCSP response or a HTTP CRL. The response size is provided through either GSK_HTTP_CDP_MAX_RESPONSE_SIZE or GSK_OCSP_MAX_RESPONSE_SIZE environment variables or attributes.

User response

Ensure that the HTTP response maximum size is adequate for the size of the CRLs or OCSP responses that are being retrieved. If necessary, increase the maximum response size until an adequate size is provided to handle the CRLs or OCSP responses that are being retrieved. If unable to determine an adequate size, collect a System SSL trace containing the error and then contact your service representative.

485 HTTP server communication error

Explanation

Unable to establish a connection to contact the HTTP server or the OCSP responder to retrieve certificate revocation information.

User response

If enabled for OCSP and a dedicated OCSP responder is enabled, ensure that the responder is running and can be accessed.

If enabled for OCSP responders identified in the certificate AIA extension, ensure that the OCSP responders specified in the extension are running and can be accessed.

If HTTP CRL support is enabled, ensure that the HTTP server specified in the CRL Distribution Point extension is running and can be accessed.

If there is a firewall in place and either an HTTP proxy server or port or an OCSP proxy server or port has been identified, ensure that the servers and ports settings are correct and the servers can be accessed. The HTTP proxy server and port are specified through the GSK_HTTP_CDP_PROXY_SERVER_NAME and GSK_HTTP_CDP_PROXY_SERVER_PORT attributes or environment variables. The OCSP proxy server and port are specified through the GSK_OCSP_PROXY_SERVER_NAME and GSK_OCSP_PROXY_SERVER_PORT attributes or environment variables.

Collect a System SSL trace containing the error and then contact your service representative if the error persists.

486 Nonce in OCSP response does not match value in OCSP request

Explanation

When validating the nonce in the OCSP response, the value did not match the value sent in the OCSP request.

Explanation

The URI value in the AIA extension or the CDP extension is not in the correct format or cannot be resolved by the Domain Name Service (DNS). The correct URI format is http://hostname[:portNumber].

User response

If the GSK_OCSP_ENABLE parameter is enabled, verify that the certificate being verified has a URI value in the AIA extension that is properly formatted and can be resolved by the DNS. It may be necessary to obtain a new certificate or to specify the GSK_OCSP_PROXY_SERVER_NAME and GSK_OCSP_PROXY_SERVER_PORT parameters if there is a need to pass through a firewall. If the GSK_OCSP_URL or GSK_OCSP_PROXY_SERVER_NAME parameters are specified, verify that the host name and the IP address is properly formatted and can be resolved by the DNS.

If the GSK_HTTP_CDP_ENABLE parameter is enabled, verify that the certificate being verified has a URI value in the CDP extension that is properly formatted and can be resolved by the DNS. It may be necessary to obtain a new certificate or to specify the GSK_HTTP_CDP_PROXY_SERVER_NAME and GSK_HTTP_CDP_PROXY_SERVER_PORT parameters if there is a need to pass through a firewall.

490 PKCS #12 file content not valid

Explanation

When processing the PKCS #12 file, a format error was detected. This can occur if the file is not properly ASN.1 encoded, been modified if transferred, or the PKCS #12 file is not a Version 3 binary file. PKCS #12 Version 1 files and files in Base64 format are not supported.

User response

If the current file is either a PKCS #12 Version 1 file or a Base64 encoded file, it must be replaced with a PKCS #12 Version 3 file. If transferring the file, be sure to transfer the file in binary format. Correct the PKCS #12 file or obtain a new PKCS #12 file. If the problem persists, collect a System SSL Trace containing the error and then contact your service representative.

491 Required basic constraints certificate extension is missing

Explanation

During the establishment of an SSL/TLS secure connection (gsk_secure_socket_init() or gsk_secure_soc_init() API) with certificate validation processing set to mode ANY or 2459, an intermediate CA certificate was encountered outside of a trusted certificate source (for example, key database file, PKCS #12 file, SAF key ring, or PKCS #11 token), which does not have a basic constraints extension.

User response

User response

If a TLS V1.3 connection is being negotiated:

The minimum key size for an RSA peer certificate is the larger of the following two values: 2048 or the value specified in the GSK_PEER_RSA_MIN_KEY_SIZE attribute.
The minimum key size for an ECC peer certificate is the larger of the following two values: 256 or the value specified in the GSK_PEER_ECC_MIN_KEY_SIZE attribute.

509 Key label list is not valid

Explanation

When using the environment variable GSK_SERVER_KEY_LABEL_LIST, one of the following may have occurred:

More than 8 key labels were specified.
A specified key label is greater than 127 characters. The backslash (\) characters used as an escape character for a blank space or comma in the label name are not counted as part of that 127 character maximum length.
List did not consist of at least one key label.

User response

If the negotiated protocol is TLS V1.2 and earlier, the OCSP responder that System SSL has contacted may have provided an improperly formatted OCSP response that System SSL has included in the CERTIFICATE-STATUS message. Verify that the TLS client is able to handle the OCSP responses that reside in the CERTIFICATE-STATUS message.

If the negotiated protocol is TLS V1.3, the OCSP responder that System SSL has contacted may have provided an improperly formatted OCSP response that System SSL has included in the Certificate Status Request extension. Verify that the TLS client is able to handle the OCSP responses that reside within the Certificate Status Request extension in the server’s CERTIFICATE message.

If the error persists, collect a System SSL trace containing the error and then contact your service representative.

513 An inappropriate protocol fallback is detected

Explanation

The server is enabled for the Signaling Cipher Suite Value (SCSV) support by setting the GSK_SERVER_FALLBACK_SCSV attribute type on gsk_attribute_set_enum() to GSK_SERVER_FALLBACK_SCSV_ON or the GSK_SERVER_FALLBACK_SCSV environment variable to ON. When the SCSV is present in the client's supported cipher list during a handshake, it indicates that the client is attempting a fallback handshake with an earlier SSL or TLS protocol. If the server's highest supported TLS or SSL protocol level is greater than the client's SSL or TLS protocol level, the handshake fails with this error.

User response

User response

Check with the remote partner to determine the key share groups that are to be used and supported by both sides.

If running as a server application, ensure that there is at least one key share group specified in the GSK_SERVER_TLS_KEY_SHARES that is also supported by the remote client partner.

If running as a client application, the remote server partner has selected a key share group that has not been specified in the GSK_CLIENT_TLS_KEY_SHARES list. It may be necessary to update the client’s GSK_CLIENT_TLS_KEY_SHARES and GSK_CLIENT_ECURVE_LIST settings to include the server’s selected key share group. If the problem persists, collect a System SSL trace containing the error and then contact your service representative.

517 No matches between elliptic curve and key share lists

Explanation

On the client side Start of change when TLS V1.3 is enabled End of change , System SSL uses the GSK_CLIENT_ECURVE_LIST setting to specify the elliptic curves or supported groups that are sent to the server. The GSK_CLIENT_TLS_KEY_SHARES setting specifies the key share groups and it must contain at least one of the groups in the GSK_CLIENT_ECURVE_LIST setting.

On the server side, System SSL Start of change has selected TLS V1.3 for the handshake and End of change has determined that the client has sent the elliptic curves or supported groups in a different order than the key share groups.

User response

If running as a client application, update the GSK_CLIENT_ECURVE_LIST or the GSK_CLIENT_TLS_KEY_SHARES to include at least one group that is in common between the two lists. The GSK_CLIENT_TLS_KEY_SHARES list should be a subset of the groups that are specified in the GSK_CLIENT_ECURVE_LIST. Verify that the GSK_CLIENT_ECURVE_LIST is not empty Start of change (NULL) End of change .

If running as a server application, contact the remote client partner to verify the elliptic curves or supported groups and the key shares are properly configured. If the problem persists, collect a System SSL trace containing the error and then contact your service representative.

518 Alert received from remote partner is allowed by protocol but not expected by System SSL

Explanation

An alert has been received from the remote partner that is supported by the protocol, but is not expected by System SSL.

User response

Contact the remote partner and verify that it is sending the appropriate alert in this scenario. If the problem persists, collect a System SSL trace containing the error and then contact your service representative.

519 Required ciphers have not been specified

Explanation

This error can occur for the following reasons:

The client has enabled the TLS V1.3 protocol and has not specified at least one valid TLS V1.3 cipher specification.
The client has enabled the TLS V1.3 protocol along with another TLS protocol and has not specified at least one cipher that is supported with the TLS V1.0, TLS V1.1, or TLS V1.2 protocol.

User response

If the client is enabled for the TLS V1.3 protocol:

Verify that there is at least one valid TLS V1.3 cipher specification has been specified in the GSK_V3_CIPHER_SPECS_EXPANDED setting.
Verify that there is at least one cipher specification in the GSK_V3_CIPHER_SPECS_EXPANDED setting that is supported with the other TLS protocols that are enabled.

For more information about the supported cipher specifications, see Table 3.

520 4-character cipher specifications are required

Explanation

If TLS V1.3 is enabled, 4-character cipher specifications must be used.

User response

The application must call gsk_attribute_set_enum() and set the enumeration identifier GSK_V3_CIPHERS to have a value of GSK_V3_CIPHERS_CHAR4. Once enabled for 4-character cipher specifications, the application uses the GSK_V3_CIPHER_SPECS_EXPANDED setting for the cipher specifications.

For more information about the supported cipher specifications, see Table 3.

521 Client has detected that the server has attempted an unexpected protocol fallback

Explanation

An unexpected protocol fallback to an earlier TLS protocol has been detected by the client.

User response

A fallback to an earlier TLS protocol has been detected by the client although the server supports a later TLS protocol. Verify that the application is communicating with the expected remote partner. If the problem persists, collect a System SSL trace containing the error and then contact your service representative.

522 Signature algorithm used by the remote partner for a secure connection is not correct.

Explanation

The remote partner used an incorrect or an unexpected signature algorithm during the TLS V1.3 handshake. The remote partner signed its TLS V1.3 handshake messages with a signature algorithm that was not included in its local signature algorithm list (GSK_TLS_SIG_ALG_PAIRS) or one that is not allowed to be used with TLS V1.3.

User response

Contact the remote partner and verify that it is using the correct signature algorithm for the TLS V1.3 handshake. The remote partner may use a signature algorithm that is not supported by the local application to sign TLS handshake messages. If communicating with a z/OS System SSL remote partner, it may use a preferred signature algorithm if there are no signature algorithms in common. See Signature and hash algorithms for more information. In these cases, the local GSK_TLS_SIG_ALG_PAIRS setting should be updated to support the remote partner’s certificate chain.
If the remote partner is using an RSA certificate, an RSASSA-PSS signature algorithm (0804, 0805, or 0806) must be used to sign the TLS V1.3 handshake messages.
The remote partner used a signature algorithm that is not supported in TLS V1.3 for the certificate verify message. These signature algorithms are not supported in TLS V1.3: Any DSA signature algorithm, RSASSA-PSS and ECDSA with SHA-1 and SHA-224 signature algorithms, and RSA with MD2, MD5, SHA-1 and SHA-224 signature algorithms.

Ensure that the remote partner is correctly configured to receive the configured certificate and the remote partner's own certificate is supported. The remote partner may need to update its supported signature list to allow the certificate’s signature to be used. If the remote partner is another System SSL application, the GSK_TLS_SIG_ALG_PAIRS or GSK_TLS_CERT_SIG_ALG_PAIRS settings may need to be updated. The remote partner may require a minimum key certificate key size. If the remote partner is another System SSL application, the GSK_PEER_RSA_MIN_KEY_SIZE, GSK_PEER_ECC_MIN_KEY_SIZE, GSK_PEER_DSA_MIN_KEY_SIZE, or GSK_PEER_DH_MIN_KEY_SIZE settings may need to be adjusted on the remote partner. If the remote partner is configured correctly, it may be necessary to update the local certificate to one that is supported by the remote application.

If a TLS V1.3 handshake is attempted, there are limitations on the key type and sizes that are allowed for TLS V1.3. See gsk_secure_socket_init() 's usage section for more information.

If the remote partner supports the certificate sent to it, the remote partner's own certificate may need to be updated. If the remote partner is another System SSL application running in FIPS mode, ensure that the remote partner's certificate is supported. See Algorithms and key sizes for more information about the supported certificates in FIPS mode.

If the problem persists, contact the remote partner application to collect additional diagnostic data to determine why the sent certificate or the remote partner's own certificate is not supported.

534 Remote partner indicates an incorrect PSK identity value

Explanation

The client attempted a TLS V1.3 session resumption with only one session ticket present in its pre-shared key extension. The server responded with an unexpected index value present in its pre-shared key extension response.

User response

Ensure that the remote server partner is operating correctly and supports TLS V1.3 session resumption. If the problem persists, contact the vendor of the remote server partner.

535 PSK exchange modes extension from the remote partner does not contain supported value

Explanation

System SSL supports only PSK with (EC)DHE key establishment for TLS V1.3 resumption. The remote partner has not indicated its support of PSK with (EC)DHE.

User response

Ensure that the remote partner supports and is specifying support for PSK with (EC)DHE key establishment for TLS V1.3 resumption. If the problem persists, collect a System SSL trace containing the error and then contact your service representative.

If the remote partner is another SSL/TLS provider, contact the vendor of that product.

536 TLS session has expired

Explanation

The server can no longer send or accept session tickets because the number of seconds since the initial handshake has exceeded the server timeout value.

User response

The server cannot send or receive session tickets until the remote partner has requested a new connection and a full TLS V1.3 handshake has been negotiated. If the problem persists, the GSK_SESSION_TICKET_SERVER_TIMEOUT setting may need to be increased.

537 Attempt to send session ticket failed due to incorrect resumption attributes

Explanation

The server is not configured correctly to send a session ticket. This return code is returned to the caller when GSK_SEND_SESSION_TICKET has been specified in a call to gsk_secure_socket_misc(). It can occur because:

GSK_SESSION_TICKET_SERVER_ENABLE is set to OFF.
GSK_SESSION_TICKET_SERVER_COUNT is greater than 0.
A client is attempting to send a session ticket.

User response

Verify the following:

GSK_SESSION_TICKET_SERVER_ENABLE is set to ON.
GSK_SESSION_TICKET_SERVER_COUNT is set to 0.
The call is being made by a server session.

If the problem persists, collect a System SSL trace containing the error and then contact your service representative.

538 Remote partner used an incorrect cipher on a resumption attempt

Explanation

The client detected that the server selected an incompatible cipher specification on the TLS V1.3 resumption handshake attempt. Servers supporting TLS V1.3 resumptions may use a different cipher specification on the resumed handshake as long as the hash algorithm associated with the two ciphers are compatible. If the initial handshake used cipher 1301 and the server selected cipher 1303 on the resumed handshake, this is not allowed as cipher 1301 uses a hash algorithm of SHA-256 while cipher 1303 uses a hash algorithm of SHA-384. The resumption handshake attempt fails.

User response

The client and server cipher specifications do not contain at least one value in common. Client and server cipher specifications might be limited depending on which System SSL FMIDs are installed. See Cipher suite definitions for more information. Server cipher specifications are dependent on the type of algorithms that are used by the server certificate (RSA, DSA, ECDSA, or Diffie-Hellman), which might limit the options available during cipher negotiation.
If this is a client application attempting a TLS V1.3 handshake, ensure that the remote server partner has support for the groups specified in the GSK_CLIENT_TLS_KEY_SHARES and GSK_CLIENT_ECURVE_LIST settings.
The remote partner indicated a handshake failure which is a generic error that is encountered during the handshake. This can occur for various reasons such as (but not limited to) the following:
- The remote server partner's certificate chain contains a certificate using a signature algorithm pair that was not specified in either the GSK_TLS_CERT_SIG_ALG_PAIRS or GSK_TLS_SIG_ALG_PAIRS set by the client when attempting a TLS V1.3 handshake.

User response

Ensure that the client and the server have at least one cipher specification. If the problem persists, collect a System SSL trace and contact the remote partner to obtain the necessary diagnostics or traces to determine why the handshake failed.

543 Remote partner indicates sent TLS handshake message is not valid.

Explanation

The remote partner has indicated that a TLS message sent from the local application is not valid.

User response

Ensure that the remote partner is correctly parsing the sent TLS message. If the problem persists, collect a System SSL trace and contact the remote partner to obtain the necessary diagnostics or traces to determine why the TLS message is not valid.

544 Missing required TLS extended master secret extension from remote partner

Explanation

The TLS server or client encountered a communicating partner that does not support the extended master secret extension. The TLS extended master secret extension is specified as required locally and the communicating partner did not send or provide the extension during the TLS V1.0, TLS V1.1, or TLS V1.2 handshake.

User response

If running as a client application, the GSK_CLIENT_EXTENDED_MASTER_SECRET option has been set to REQUIRED; however, the remote server partner did not include the extended master secret extension during the TLS V1.0, TLS V1.1, or TLS V1.2 handshake. Ensure that the GSK_CLIENT_EXTENDED_MASTER_SECRET option is set appropriately for the remote server partners that are being contacted. If the server partner is a z/OS System SSL application, ensure that the GSK_SERVER_EXTENDED_MASTER_SECRET option is set to ON or REQUIRED and it must be running z/OS V2R3 or later and have PTFs for APAR OA60105 (z/OS V2R3 and V2R4) applied and active. If the remote server partner is another SSL/TLS provider, contact the remote server partner vendor to enable support for the extended master secret extension.

If running as a server application, the GSK_SERVER_EXTENDED_MASTER_SECRET option has been set to REQUIRED; however, the remote client partner did not include the extended master secret extension during the TLS V1.0, TLS V1.1, or TLS V1.2 handshake. Ensure that the GSK_SERVER_EXTENDED_MASTER_SECRET option is set appropriately for the remote client partners that are communicating with this server. If the client partner is a z/OS System SSL application, ensure that the GSK_CLIENT_EXTENDED_MASTER_SECRET option is set to ON or REQUIRED and it must be running z/OS V2R3 or later and have PTFs for APAR OA60105 (z/OS V2R3 and V2R4) applied and active. If the remote client partner is another SSL/TLS provider, contact the remote client partner vendor to enable support for the extended master secret extension.

545 Extended master secret extension mismatch detected on cached TLS handshake attempt

Explanation

The TLS client attempted to use a previously negotiated session with the server that did not originally negotiate the extended master secret extension. On the cached handshake attempt, the remote server indicated that it was able to successfully use the cached session; however, it included the extended master secret extension which is not allowed.

User response

Contact the remote server partner to determine why it is sending the extended master secret extension on a cached TLS handshake. If the problem persists, collect a System SSL trace containing the error and then contact your service representative.

546 Incorrect extended key usage.

Explanation

The extended key usage certificate extension does not permit the requested key operation. This error can occur if the extended key usage extension of a client or server certificate restricts the purposes for which the certificate’s key can be used.

Server certificates used for server authentication in 3280 or 5280 validation mode with an extended key usage extension must allow either the serverAuth or the anyExtendedKeyUsage purpose.
Client certificates used for client authentication in 3280 or 5280 validation mode with an extended key usage extension must allow either the clientAuth or the anyExtendedKeyUsage purpose.

User response

Specify a certificate with the appropriate extended key usage.

547 Session ticket information cannot be successfully cached

Explanation

When trying to cache updated session ticket information prior to sending a TLS V1.3 session ticket, the System SSL started task, GSKSRVR, could not be contacted. The session ticket is not sent by the System SSL server application.

User response

Verify that the System SSL started task, GSKSRVR, is running when GSK_SYSPLEX_SESSION_TICKET_CACHE is enabled. If sysplex ticket caching is not required, disable GSK_SYSPLEX_SESSION_TICKET_CACHE in the server application. If the problem persists, contact the service representative.

548 Server certificate validation failed with provided reference ID list

Explanation

The reference list provided was not valid and server domain-based validation failed. This error might occur if:

The list provided contains more than 16384 characters.
The list contains an ID with less than three labels.
There were no matches found between the client’s reference ID list and the server certificate.
Subject DN common name validation requested (GSK_REFERENCE_ID_CN) and the server certificate contains a subject alternative name extension with a DNS name entry. Validation must be performed using the subject alternative name extension.
The server’s certificate is not type x509_name_dn.

User response

User response

Ensure that the TLS extension data is correctly defined. If the problem persists collect a System SSL trace and contact your service representative.