APAR status
Closed as program error.
Error description
Error Message: javax.net.ssl.SSLKeyException: RSA premaster secret error
Stack Trace:
javax.net.ssl.SSLKeyException: RSA premaster secret error
    at com.ibm.jsse2.z.<init>(z.java:39)
    at com.ibm.jsse2.bb.a(bb.java:423)
    at com.ibm.jsse2.bb.a(bb.java:360)
    at com.ibm.jsse2.ab.r(ab.java:352)
    at com.ibm.jsse2.ab.a(ab.java:127)
    at com.ibm.jsse2.qc.a(qc.java:196)
    at com.ibm.jsse2.qc.h(qc.java:352)
    at com.ibm.jsse2.qc.a(qc.java:523)
    at com.ibm.jsse2.qc.startHandshake(qc.java:730)
The problem happens when TLSv1 or TLSv1.1 is enabled and the IBMPKCS11Impl provider is placed before IBMJCE.
Local fix
Put the IBMJCE provider before the IBMPKCS11Impl provider.
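The following is an added example, not IBM's code: a small Java program that lists the registered security providers in order and reports whether IBMPKCS11Impl precedes IBMJCE, the ordering this APAR describes. The class name, the `--fix` argument and the assumption that the PKCS#11 provider's name starts with "IBMPKCS11Impl" are illustrative; with `--fix` it applies the local fix for the running JVM only.

```java
import java.security.Provider;
import java.security.Security;

// Added example: checks the provider order described in this APAR.
public class ProviderOrderCheck {
    // 0-based index of the first provider whose name matches, or -1.
    static int indexOf(Provider[] ps, String name, boolean prefix) {
        for (int i = 0; i < ps.length; i++) {
            String n = ps[i].getName();
            if (prefix ? n.startsWith(name) : n.equals(name)) return i;
        }
        return -1;
    }

    public static void main(String[] args) {
        // "--fix" is a hypothetical flag of this example, not a JVM option.
        boolean fix = args.length > 0 && args[0].equals("--fix");
        Provider[] ps = Security.getProviders();
        for (int i = 0; i < ps.length; i++)
            System.out.println((i + 1) + ": " + ps[i].getName());

        // Assumption: the PKCS#11 provider name starts with "IBMPKCS11Impl".
        int p11 = indexOf(ps, "IBMPKCS11Impl", true);
        // Exact match, so other providers with similar names do not count.
        int jce = indexOf(ps, "IBMJCE", false);

        if (p11 < 0) {
            System.out.println("OK: IBMPKCS11Impl is not registered");
        } else if (jce < 0) {
            System.out.println("WARN: IBMPKCS11Impl registered, IBMJCE missing");
        } else if (jce < p11) {
            System.out.println("OK: IBMJCE precedes IBMPKCS11Impl");
        } else if (!fix) {
            System.out.println("AFFECTED ORDER: IBMPKCS11Impl precedes IBMJCE");
        } else {
            // Move IBMJCE directly ahead of the PKCS#11 provider.
            // insertProviderAt positions are 1-based, so p11 + 1 is the
            // slot the PKCS#11 provider currently occupies.
            Provider p = ps[jce];
            Security.removeProvider("IBMJCE");
            Security.insertProviderAt(p, p11 + 1);
            System.out.println("Moved IBMJCE to position " + (p11 + 1));
        }
    }
}
```

The check reports ordering only; it does not tell whether the JVM is already at a service level that contains the fix.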
Problem summary
When the IBMPKCS11Impl provider is used to generate the RSA premaster secret, the wrong mechanism is enabled when TLSv1 is used. In addition, the IBMPKCS11Impl provider does not support the RSA premaster secret for TLSv1.1; IBMJCE should be used.
Problem conclusion
A fix is made to the IBMJSSE and IBMPKCS11Impl providers.
The associated Hursley RTC Problem Report is 72345.
The associated Austin CMVC defect is 115869.
JVMs affected: Java 5.0, Java 6.0, Java 626, Java 7.0 and Java 727.
The fix was delivered for Java 5.0 SR16FP8, Java 6.0 SR16FP2, Java 626 SR8FP2, Java 7.0 SR8 and Java 727 SR2.
The affected jars are "ibmjsseprovider2.jar" and "ibmpkcs11impl.jar".
The build level of these jars for the affected releases is "20140902".
This APAR will be fixed in the following Java Releases:
7 SR8 (7.0.8.0)
6 SR16 FP2 (6.0.16.2)
7 R1 SR2 (7.1.2.0)
5.0 SR16 FP8 (5.0.16.8)
6 R1 SR8 FP2 (6.1.8.2)
Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, Java maintenance is available from: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number: IV64561
Reported component name: JAVA 5 SECURITY
Reported component ID: 620500125
Reported release: 500
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2014-09-03
Closed date: 2014-09-10
Last modified date: 2014-09-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name: JAVA 5 SECURITY
Fixed component ID: 620500125
Applicable component levels
R500 PSY
UP
Document Information
Modified date:
07 December 2020