APAR status
Closed as program error.
Error description
DataPower fails to recognize ECC style certificates when only TLSv1.3 cipher suites are used in a TLS Server Profile. TLSv1.3 Specific suites: AES_256_GCM_SHA384 (TLSv1.3) CHACHA20_POLY1305_SHA256 (TLSv1.3) AES_128_GCM_SHA256 (TLSv1.3)
Local fix
Adding a TLSv1.2 cipher suite that supports ECC certificates (ECDSA) in the list of approved CipherSuites will allow the Certificate to be recognized. Example: ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Problem summary
A server or client profile with TLS 1.3 enabled and using an ECC certificate incorrectly required an ECDSA cipher.
Problem conclusion
Fix is available in 10.0.1.4. For a list of the latest fix packs available, please see: https://www.ibm.com/support/pages/node/83105
Temporary fix
Comments
APAR Information
APAR number
IT36963
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
A0X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-05-19
Closed date
2021-08-03
Last modified date
2021-08-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateways"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A0X"}]
Document Information
Modified date:
04 August 2021