IBM Support

IT37595: Incorrect error reporting if TLS record transfer limit encountered for GCM cipherspecs

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • If TLS key reset is not enabled, The TLS_AES_256_GCM_SHA384 and
    TLS_AES_128_GCM_SHA256 cipherspecs are limited to transferring
    2^24.5 TLS records, before the connection is terminated with
    an AMQ9288 error message written to the error log.
    
    If this situation was encountered, the AMQ9288 error message did
    not contain the expected message inserts. Additionally, a
    failure data capture (FDC) record with probe ID <span
    style="font-size:inherit">CO286005 </span>was generated.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Customers using TLS_AES_256_GCM_SHA384 or TLS_AES_128_GCM_SHA256
    who reach the 2&#94;24.5 TLS record transfer limit.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    A error in the internal configuration tables associated with
    these cipherspecs caused incorrect insert data to be passed to
    the resulting AMQ9288 message, which in turn generated the FDC
    record.
    

Problem conclusion

  • The internal configuration data for these cipherspecs has been
    corrected.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v9.2 LTS   9.2.0.4
    v9.x CD    9.2.5
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT37595

  • Reported component name

    MQ BASE V9.2

  • Reported component ID

    5724H7281

  • Reported release

    920

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-07-13

  • Closed date

    2021-11-05

  • Last modified date

    2021-11-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    MQ BASE V9.2

  • Fixed component ID

    5724H7281

Applicable component levels

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"920"}]

Document Information

Modified date:
06 November 2021