APAR status
Closed as program error.
Error description
Error Message: N/A. Stack Trace: N/A.
Local fix
Problem summary
As of TLS 1.1, failure to properly close a connection no longer requires that a session not be resumed. This is a change from TLS 1.0 to conform with widespread implementation practice. However, the JavaDoc states that an SSLException should be thrown on SSLEngine.closeInbound() if the engine has not received the proper SSL/TLS close notification message from the peer. Throwing this SSLException will cause the SSL Session to be invalidated and therefore, the SSL Session cannot be resumed. A system property will be provided to allow the user to specify whether the JSSE implementation throws the exception, in compliance with the JavaDoc, or not.
Problem conclusion
A system property will be provided to allow the user to specify whether the JSSE implementation throws the exception, in compliance with the JavaDoc, or not.
com.ibm.jsse2.sslEngineCloseNotifyReceive = true | false
true (default) - Comply with the SSLEngine.closeInbound() JavaDoc and throw an SSLException if this engine has not received the proper SSL/TLS close notification from the peer.
false - Do not comply with the JavaDoc and do not throw an SSLException if close/notify was not received from the peer. This is in compliance with the TLS 1.1 RFC and above and will allow SSL Session resumption when close/notify was not received from the peer.
Binary affected - ibmjsseprovider2.jar
GIT Issue - #169
RTC - 145925
Build - 8.0 build_20210729--336
The fix was delivered for: Java 8.0 SR7.
This APAR will be fixed in the following Java Releases: 8 SR7 (8.0.7.0).
Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
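
How an SSLEngine-based application can classify end-of-stream under either setting of the property, as an added example that is not IBM's code. The class name InboundEofHandler and its Outcome values are hypothetical; the method is meant to be called when the transport read reports end-of-stream.

```java
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/** Hypothetical helper (not part of JSSE): classifies how a TLS connection ended. */
public final class InboundEofHandler {

    public enum Outcome {
        CLEAN_CLOSE,                   // peer sent close_notify before the transport closed
        TRUNCATED_SESSION_KEPT,        // no close_notify, session is still valid for resumption
        TRUNCATED_SESSION_INVALIDATED  // no close_notify, session was invalidated
    }

    private InboundEofHandler() { }

    /** Call once, when the underlying channel read reports end-of-stream. */
    public static Outcome onTransportEof(SSLEngine engine) {
        // Capture the session first so its validity can be checked afterwards.
        SSLSession session = engine.getSession();

        // True here only if the engine has already processed the peer's close_notify.
        boolean closeNotifySeen = engine.isInboundDone();

        try {
            engine.closeInbound();
        } catch (SSLException e) {
            // JavaDoc behaviour (property = true): the engine reports the
            // missing close_notify. The result is derived from session state below.
        }

        if (closeNotifySeen) {
            return Outcome.CLEAN_CLOSE;
        }
        // No close_notify: the stream may have been cut short, so the caller
        // should rely on application-level framing (for example a length field)
        // before trusting the data received so far. With the property set to
        // false no exception is thrown and the session is expected to stay valid.
        return session.isValid()
                ? Outcome.TRUNCATED_SESSION_KEPT
                : Outcome.TRUNCATED_SESSION_INVALIDATED;
    }
}
```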
Temporary fix
Comments
APAR Information
APAR number
IJ34952
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-09-13
Closed date
2021-09-13
Last modified date
2021-09-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
Document Information
Modified date:
24 September 2021