IBM Support

PI59509: SSLC0008E SSLHANDSHAKE EXCEPTION AFTER TURNING OFF TLSV1 PROTOCOL

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • SSLC0008E SSLHandshake exception after turning off TLSv1
    protocol
    
    Configured SSL_TLSv2 in all SSL configuration and updated the
    java.security file to turn off TLSv1 protocol using property
    "jdk.tls.disabledAlgorithms=TLSv1"  After that we are seeing
    the SSLHandshake exception.
    
    This is problem happens only with when you are using JDK1.7
    
    SSLHandshakeE E   SSLC0008E: Unable to initialize SSL
    connection.  Unauthorized access was denied or
    security settings have expired.  Exception is
    javax.net.ssl.SSLException: Received fatal alert:
    handshake_failure
    

Local fix

  • na
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server Version    *
    *                  8.5.5 users of the SSL Channel              *
    ****************************************************************
    * PROBLEM DESCRIPTION: The SSL Channel might reset the         *
    *                      SSLEngine to TLSv1.0 even if that       *
    *                      protocol is disabled.                   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    If the SSL Channel resets the SSLEngine to its default value,
    the TLS protocol that will be set is TLSv1.0. An SSL Handshake
    Exception might occur if TLSv1.0 was set to be disabled. The
    following is an example of the exception:
    SSLHandshakeE E  SSLC0008E: Unable to initialize SSL
    connection. Unauthorized access was denied or security
    settings have expired. Exception is javax.net.ssl.SSLException:
    Received fatal alert: handshake_failure
    at com.ibm.jsse2.j.a(j.java:24)
    at com.ibm.jsse2.an.a(an.java:392)
    at com.ibm.jsse2.an.a(an.java:415)
    at com.ibm.jsse2.an.j(an.java:152)
    at com.ibm.jsse2.an.b(an.java:528)
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI59509

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-03-21

  • Closed date

    2016-04-28

  • Last modified date

    2016-04-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022