MA48273 - LIC-COMM-SSL SYSTEM TLS OCSP STAPLING SUPPORT/TLSv13 SNI Rollbac
k

Abstract

LIC-COMM-SSL SYSTEM TLS OCSP STAPLING SUPPORT/TLSv13 SNI Rollbac
k

Error Description

System Transport Layer Security Online Certificate Status      
Protocol (OCSP) stapling processing was not sending the OCSP    
request as expected when the client requested it with the      
certificate status request extension. Client Hello (SNI)        
                                                               
Client Hello (SNI)                                              
extension against TLSv1.3 with no defined ciphers, will fail    
with 'Unrecognized Name' in trace. True cause is msg            
"GSK_ERROR_NO_CERTIFICATE". Will rollback to TLSv1.2 with      
correct QSSLCSL ciphers.                                        

Problem Summary

Please see the ERROR DESCRIPTION section.                      

Problem Conclusion

System TLS was updated so that the OCSP response is stapled by  
the server if the client requests it and the server supports    
OCSP stapling.                                                  

Temporary Fix

Comments

Circumvention

PTFs Available

R730 MF67277  0310

R740 MF67261  0303

Affected Modules

Affected Publications

Summary Information

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information