IBM Support

IV64561: JSSE2 WITH PKCS11 RSA PREMASTER SECRET ERROR

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: javax.net.ssl.SSLKeyException: RSA premaster
secret error
.
Stack Trace: javax.net.ssl.SSLKeyException: RSA premaster secret
errorat com.ibm.jsse2.z.<init>(z.java:39)at
com.ibm.jsse2.bb.a(bb.java:423)at
com.ibm.jsse2.bb.a(bb.java:360)at
com.ibm.jsse2.ab.r(ab.java:352)at
com.ibm.jsse2.ab.a(ab.java:127)at
com.ibm.jsse2.qc.a(qc.java:196)at
com.ibm.jsse2.qc.h(qc.java:352)at
com.ibm.jsse2.qc.a(qc.java:523)at
com.ibm.jsse2.qc.startHandshake(qc.java:730)
.
Problem happens when TLSv1 or TLSv1.1 was enabled with
IBMPKCS11Impl provider was put before IBMJCE.

Local fix

  • Put IBMJCE provider before IBMPKCS11Impl

Problem summary

  • When IBMPKCS11Impl provider was used to generate RSA premaster
secret, wrong mechanism is enabled when TLSv1 is used. Besides,
IBMPKCS11Impl provider does not support the RSA premaster secret
for TLSv1.1, IBMJCE should be used.

Problem conclusion

  • A fix is made to IBMJSSE and IBMPKCS11Impl providerThe
associated Hursley RTC Problem Report is 72345The associated
Austin CMVC defect is 115869JVMs affected: Java 5.0, Java 6.0,
Java 626, Java 7.0 and Java 727The fix was delivered for Java
5.0 SR16FP8, Java 6.0 SR16FP2, Java 626 SR8FP2, Java 7.0 SR8 and
Java 727 SR2The affected jar is "ibmjsseprovider2.jar" and
"ibmpkcs11impl.jar".The build level of these jars for the
affected releases is "20140902"
.
This APAR will be fixed in the following Java Releases:
   7    SR8       (7.0.8.0)
   6    SR16 FP2  (6.0.16.2)
   7 R1 SR2       (7.1.2.0)
   5.0  SR16 FP8  (5.0.16.8)
   6 R1 SR8 FP2   (6.1.8.2)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, Java maintenance is available
from:
           https://www.ibm.com/developerworks/java/jdk/

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV64561
    • 

  • Reported component name
    JAVA 5 SECURITY
    • 

  • Reported component ID
    620500125
    • 

  • Reported release
    500
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2014-09-03
    • 

  • Closed date
    2014-09-10
    • 

  • Last modified date
    2014-09-10
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
IV64560
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    JAVA 5 SECURITY
    • 

  • Fixed component ID
    620500125
    • 



Applicable component levels


    

  • R500  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 December 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback