IBM Support

OA66513: TLS 1.3 CONNECTION FAILURE WITH SYSTEM SSL CLIENT TO STERLING SECURE PROXY

A fix is available

APAR status

  • Closed as program error.

Error description

  • During a TLS 1.3 connection, a handshake failure occurs when
    System SSL is the client and Sterling Secure Proxy (SSP)
    receives the client-hello message.
    CSPA202E TLS/SSL handshake failure, reason=SNODE ERROR
    
    ANALYSIS:
    By default, System SSL sends the psk_dhe_ke extension value when
    configured for TLS 1.3. SSP is unable to handle this extension,
    so the connection fails.
    
    VERIFICATION:
    1. Ensure the SSL/TLS connection is TLS 1.3.
    2. Ensure that System SSL is the TLS client and SSP is the
    receiver of the client-hello message.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: z/OS System SSL applications performing      *
    *                 TLS V1.3 handshakes                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: Client applications using z/OS System   *
    *                      SSL attempting to perform TLS V1.3      *
    *                      handshakes, always send the             *
    *                      psk_key_exchange_modes extension with   *
    *                      a value of psk_dhe_ke. The inclusion of *
    *                      this extension indicates the types of   *
    *                      pre-shared keys (psk's) that are        *
    *                      supported by the client application.    *
    *                                                              *
    *                      Since the z/OS System SSL client        *
    *                      always includes the                     *
    *                      psk_key_exchange_modes extension with   *
    *                      a value of psk_dhe_ke during a TLS V1.3 *
    *                      handshake, server applications should   *
    *                      send session tickets to the client      *
    *                      after completing the TLS V1.3 handshake *
    *                      as this indicates that the client       *
    *                      supports TLS V1.3 session resumption to *
    *                      the same server. When a TLS V1.3        *
    *                      resumption handshake is attempted by    *
    *                      the z/OS System SSL client application, *
    *                      a session ticket may be obtained from   *
    *                      its cache and included in a TLS V1.3    *
    *                      handshake message within the            *
    *                      pre_shared_key extension.               *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    A close examination of the TLS V1.3 specification (RFC 8446)
    shows that the psk_key_exchange_modes extension indicates the
    types of pre-shared keys (PSKs) that are supported by the
    client (if any). In this context, pre-shared keys are the key
    types or session tickets that are supported by the client. If the
    psk_key_exchange_modes extension is not included, then the
    client is assumed not to be enabled for TLS V1.3 resumption.
    
    The z/OS System SSL client will provide a manner to avoid always
    sending the psk_key_exchange_modes extension. Likewise, if a
    z/OS System SSL server application is processing a TLS V1.3
    handshake that does not include the psk_key_exchange_modes
    extension, the server should avoid sending TLS V1.3 session
    tickets.
    

Problem conclusion

  • The z/OS System SSL client will not send the
    psk_key_exchange_modes extension when client session caching is
    not enabled. TLS V1.3 session ticket caching is not enabled when
    GSK_V3_SIDCACHE_SIZE is set to 0 (zero), GSK_V3_SESSION_TIMEOUT
    is set to 0 (zero), or GSK_SESSION_TICKET_CLIENT_ENABLE is set
    to OFF.
    
    If a z/OS System SSL server application performs a TLS V1.3
    handshake where a client does not include the
    psk_key_exchange_modes extension, it indicates that the client
    application does not support TLS V1.3 resumption. In this case,
    the z/OS System SSL server has been updated to avoid sending any
    TLS V1.3 session tickets after successfully completing the
    handshake. This occurs even if the server is enabled for sending
    session tickets when GSK_SESSION_TICKET_SERVER_ENABLE is set to
    ON and GSK_SESSION_TICKET_SERVER_COUNT is set to a value greater
    than 0 (zero).
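
An added example (not IBM code and not part of the APAR): a Python check that reports whether a ClientHello carries the psk_key_exchange_modes extension, which is what changes on the wire once client session caching is disabled. The function names and the sample messages are constructed for illustration; the extension numbers (41, 43, 45) and mode values come from RFC 8446.

```python
import struct

# Extension numbers and mode values from RFC 8446 (sections 4.2 and 4.2.9).
EXT_PRE_SHARED_KEY, EXT_SUPPORTED_VERSIONS, EXT_PSK_KEX_MODES = 41, 43, 45
PSK_MODES = {0: "psk_ke", 1: "psk_dhe_ke"}


def inspect_client_hello(msg: bytes) -> dict:
    """Summarise resumption-related extensions of a ClientHello.

    msg is the handshake message with the 5-byte record header removed.
    """
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                                  # legacy_version + random
    # Skip session_id (1-byte length), cipher_suites (2), compression (1).
    for width in (1, 2, 1):
        pos += width + int.from_bytes(body[pos:pos + width], "big")
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello or no extensions block")
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    if ext_end > len(body):
        raise ValueError("extensions block runs past end of message")
    pos += 2
    exts = {}
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    versions = exts.get(EXT_SUPPORTED_VERSIONS, b"")
    modes = exts.get(EXT_PSK_KEX_MODES)
    mode_names = None          # None: extension absent, no resumption offered
    if modes is not None:
        count = modes[0] if modes else 0
        mode_names = [PSK_MODES.get(m, hex(m)) for m in modes[1:1 + count]]
    return {"offers_tls13": any(versions[i:i + 2] == b"\x03\x04"
                                for i in range(1, len(versions), 2)),
            "psk_key_exchange_modes": mode_names,
            "has_pre_shared_key": EXT_PRE_SHARED_KEY in exts}


def build_sample(with_psk_modes: bool) -> bytes:
    """Constructed ClientHello for the demo (not a System SSL capture)."""
    exts = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, 3, 2) + b"\x03\x04"
    if with_psk_modes:                            # one mode: psk_dhe_ke
        exts += struct.pack("!HHBB", EXT_PSK_KEX_MODES, 2, 1, 1)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

A result of `None` for `psk_key_exchange_modes` corresponds to the post-fix client with session caching disabled; `["psk_dhe_ke"]` corresponds to the default behaviour described in the error description.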
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA66513

  • Reported component name

    SYSTEM SSL

  • Reported component ID

    565506805

  • Reported release

    450

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-05-13

  • Closed date

    2024-10-16

  • Last modified date

    2024-11-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ95601 UJ95602 UJ95603 UJ95604

Modules/Macros

  • GSKCMS31 GSKCMS64 GSKS31   GSKS31F  GSKS64   GSKS64F
    

Fix information

  • Fixed component name

    SYSTEM SSL

  • Fixed component ID

    565506805

Applicable component levels

  • R450 PSY UJ95603

       UP24/11/01 P F410

  • R451 PSY UJ95604

       UP24/11/01 P F410

  • R510 PSY UJ95601

       UP24/11/01 P F410

  • R511 PSY UJ95602

       UP24/11/01 P F410

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Modified date:
04 November 2024