IBM Support

IV64561: JSSE2 WITH PKCS11 RSA PREMASTER SECRET ERROR

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: javax.net.ssl.SSLKeyException: RSA premaster
    secret error
    .
    Stack Trace: javax.net.ssl.SSLKeyException: RSA premaster secret
    errorat com.ibm.jsse2.z.<init>(z.java:39)at
    com.ibm.jsse2.bb.a(bb.java:423)at
    com.ibm.jsse2.bb.a(bb.java:360)at
    com.ibm.jsse2.ab.r(ab.java:352)at
    com.ibm.jsse2.ab.a(ab.java:127)at
    com.ibm.jsse2.qc.a(qc.java:196)at
    com.ibm.jsse2.qc.h(qc.java:352)at
    com.ibm.jsse2.qc.a(qc.java:523)at
    com.ibm.jsse2.qc.startHandshake(qc.java:730)
    .
    Problem happens when TLSv1 or TLSv1.1 was enabled with
    IBMPKCS11Impl provider was put before IBMJCE.
    

Local fix

  • Put IBMJCE provider before IBMPKCS11Impl
    

Problem summary

  • When IBMPKCS11Impl provider was used to generate RSA premaster
    secret, wrong mechanism is enabled when TLSv1 is used. Besides,
    IBMPKCS11Impl provider does not support the RSA premaster secret
    for TLSv1.1, IBMJCE should be used.
    

Problem conclusion

  • A fix is made to IBMJSSE and IBMPKCS11Impl providerThe
    associated Hursley RTC Problem Report is 72345The associated
    Austin CMVC defect is 115869JVMs affected: Java 5.0, Java 6.0,
    Java 626, Java 7.0 and Java 727The fix was delivered for Java
    5.0 SR16FP8, Java 6.0 SR16FP2, Java 626 SR8FP2, Java 7.0 SR8 and
    Java 727 SR2The affected jar is "ibmjsseprovider2.jar" and
    "ibmpkcs11impl.jar".The build level of these jars for the
    affected releases is "20140902"
    .
    This APAR will be fixed in the following Java Releases:
       7    SR8       (7.0.8.0)
       6    SR16 FP2  (6.0.16.2)
       7 R1 SR2       (7.1.2.0)
       5.0  SR16 FP8  (5.0.16.8)
       6 R1 SR8 FP2   (6.1.8.2)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, Java maintenance is available
    from:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV64561

  • Reported component name

    JAVA 5 SECURITY

  • Reported component ID

    620500125

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-09-03

  • Closed date

    2014-09-10

  • Last modified date

    2014-09-10

  • APAR is sysrouted FROM one or more of the following:

    IV64560

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA 5 SECURITY

  • Fixed component ID

    620500125

Applicable component levels

  • R500 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
07 December 2020