APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A . - The following PBES2 cipher algorithms were added. PBEWithHmacSHA1AndAES_128 PBEWithHmacSHA224AndAES_128 PBEWithHmacSHA256AndAES_128 PBEWithHmacSHA384AndAES_128 PBEWithHmacSHA512AndAES_128 PBEWithHmacSHA1AndAES_256 PBEWithHmacSHA224AndAES_256 PBEWithHmacSHA256AndAES_256 PBEWithHmacSHA384AndAES_256 PBEWithHmacSHA512AndAES_256 - The following OSBs were implemented. 8153005: Upgrade the default PKCS12 encryption/MAC algorithms 8267880: Upgrade the default PKCS12 MAC algorithm 8076190: Customizing the generation of a PKCS12 keystore8214513 8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11 8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore - The following SHA-2 based HmacPBE algorithms for MAC were added. HmacPBESHA224 HmacPBESHA256 HmacPBESHA384 HmacPBESHA512 HmacPBESHA512/224 HmacPBESHA512/256 - For the OSB 8076190, Oracle made the Mac part of the PKCS12 keystore optional, but IBM still requires the MAC part of the PKCS12 keystore. This is the only difference between the Oracle implementation and the IBM implementation. - 'The keystore.pkcs12.legacy system property causes failures in JDK 8.0.7.15? was fixed - The 'PKCS12 KeyStore properties' section of the java.security file was added
Local fix
Problem summary
The new PBES2 cipher algorithms were added. The PKCS12 keystore related OSBs were implemented. The SHA-2 based HmacPBE algorithms for MAC were added. 'The keystore.pkcs12.legacy system property causes failures in JDK 8.0.7.15? was fixed The 'PKCS12 KeyStore properties' section of the java.security file was added
Problem conclusion
PROBLEM SUMMARY: Upgrading the PKCS12 keystore and adding the new PBES2 algorithms. ERROR DESCRIPTION: PROBLEM CONCLUSION: A fix is made to ibmpkcs and ibmjceprovider The associated Hursley RTC Problem Report is 148096 The associated Hursley CMVC defect is n/a The associated Austin CMVC defect is n/a The associated Austin APAR is JVMs affected: Java 8 The fix was delivered for Java 8 SR8 The affected jar is "ibmpkcs.jar", "ibmjceprovider.jar" The build levels of these jar for the affected releases are 20220921-406(ibmpkcs), 20220921-674(ibmjceprovider) . This APAR will be fixed in the following Releases: . IBM SDK, Java Technology Edition 8 SR8 (8.0.8.0) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available maintenance can be found at: https://www.ibm.com/support/pages/java-sdk
Temporary fix
Comments
APAR Information
APAR number
IJ43920
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-10-20
Closed date
2022-10-20
Last modified date
2023-02-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
08 February 2023