IBM Support

MA48273 - LIC-COMM-SSL SYSTEM TLS OCSP STAPLING SUPPORT/TLSv13 SNI Rollbac
k

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 APAR (Authorized Program Analysis Report)

Abstract

LIC-COMM-SSL SYSTEM TLS OCSP STAPLING SUPPORT/TLSv13 SNI Rollbac
k

Error Description

System Transport Layer Security Online Certificate Status      
Protocol (OCSP) stapling processing was not sending the OCSP    
request as expected when the client requested it with the      
certificate status request extension. Client Hello (SNI)        
                                                               
Client Hello (SNI)                                              
extension against TLSv1.3 with no defined ciphers, will fail    
with 'Unrecognized Name' in trace. True cause is msg            
"GSK_ERROR_NO_CERTIFICATE". Will rollback to TLSv1.2 with      
correct QSSLCSL ciphers.                                        

Problem Summary

Please see the ERROR DESCRIPTION section.                      

Problem Conclusion

System TLS was updated so that the OCSP response is stapled by  
the server if the client requests it and the server supports    
OCSP stapling.                                                  

Temporary Fix

Comments

Circumvention


PTFs Available

R730 MF67277  0310

R740 MF67261  0303

Affected Modules


         
         

Affected Publications

Summary Information

Status............................................CLOSED PER
HIPER...........................................No
Component..................................9400DG300
Failing Module..........................RCHMGR
Reported Release...................R740
Duplicate Of..............................




IBM i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0"},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3; 7.4","Product":{"code":"SG15Q","label":"APARs - OS\/400 General"},"Component":"9400DG3","Edition":""}]

Document Information

Modified date:
06 March 2021