IBM Support

PH24493: SSL0209E WITH IHS 9.0.5.2 AND LATER

A fix is available

PH24493: SSL0209E with IBM HTTP Server 9.0.5.2 and later (GSKit upgrade to 8.0.55.15)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • SSL0209E with IHS 9.0.5.2 and later

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  All users of IBM HTTP Server                *
****************************************************************
* PROBLEM DESCRIPTION: SSL handshakes in 9.0.5.2 or later      *
*                      fail with SSL0209E in the error_log.    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If a TLS 1.3 connection is established then resumed on a new
connection, and the cipher used is TLS_AES_256_GCM_SHA384,
GSKit can fail and return GSK_ERROR_CRYPTO which results in IHS
logging an SSL0209E error.
Note: Many other causes of SSL0209E exist.

    



Problem conclusion


    

  • GSKit will be updated to 8.0.55.15 or later to address the
issue.

In the meantime, an easy circumvention exists:

SSLCipherSpec TLS13 -TLS_AES_256_GCM_SHA384


The fix for this APAR is targeted for inclusion in IBM HTTP
Server fix packs 9.0.5.4.  For more information,
see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?
rs=180&uid=swg27004980

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH24493
    • 

  • Reported component name
    IBM HTTP SERVER
    • 

  • Reported component ID
    5724J0801
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-04-17
    • 

  • Closed date
    2020-04-17
    • 

  • Last modified date
    2020-04-17
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM HTTP SERVER
    • 

  • Fixed component ID
    5724J0801
    • 



Applicable component levels


    

  • R900  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 September 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback