IBM Support

PH19470: DEVELOPER FOR SYSTEM Z - UNEXPECTED EXCEPTION TRYING TO ESTABLISH TLSV1.2 CONNECTION USING ICSF

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In IDz 14.1.0 Users are not able to establish a TLS connection
    using JCECCARACFKS keystore
    
    Stack trace found in rseserver.log:
    java.io.StreamCorruptedException: invalid stream header:
    CECECACF
    at
    java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.jav
    a:1015)
    at java.io.ObjectInputStream.<init>(ObjectInputStream.java:409)
    at
    com.ibm.crypto.hdwrCCA.provider.JceRACFKeyStore.engineLoad(JceRA
    CFKeyStore.java:313)
    at java.security.KeyStore.load(KeyStore.java:1456)
    
    Workaround:
    None
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: 01.All zExpl and IDz users using SSL         *
    *                    communication.                            *
    ****************************************************************
    * PROBLEM DESCRIPTION: 01.In IDz 14.1.0 Users are not able to  *
    *                         establish a TLS connection using     *
    *                         JCECCARACFKS keystore.               *
    ****************************************************************
    01.zRSE when loading the CECAARACFS keystore is using the input
       stream from the wrong provider, the IBMJCE provider. It
       fails to load the keystore.
    

Problem conclusion

  • 01.The input streams from two providers have the same class
       name. The type class now is determined during run time based
       on the provider configured for Java security.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH19470

  • Reported component name

    Z/OS EXPLORER E

  • Reported component ID

    5724T0723

  • Reported release

    300

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-11-20

  • Closed date

    2019-11-27

  • Last modified date

    2020-01-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • FEJENF70 FEJJCNFG FEJJJCL  FEJJMON  FEJTSO   FEK1SMPE FEK2RCVE
    FEK3ALOC FEK4ZFS  FEK5MKD  FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR
    FEK@CONE FEK@CONF FEK@CUST FEK@DEB  FEK@DESC FEK@FLOW FEK@GEN
    FEK@GENW FEK@ISPF FEK@IVP  FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE
    FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM
    FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1
    FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX
    FEKATTR  FEKDSI   FEKEESX0 FEKFASIZ FEKFATT1 FEKFBLD  FEKFCIPH
    FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6
    FEKFCORE FEKFDBBF FEKFDBBP FEKFDBG  FEKFDBG6 FEKFDBGM FEKFDIR
    FEKFDIR6 FEKFDIVP FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI
    FEKFENVP FEKFENVR FEKFENVS FEKFEPL  FEKFICUL FEKFISPF FEKFIVP0
    FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU
    FEKFJVM  FEKFLATR FEKFLDSI FEKFLDSL FEKFLEOP FEKFLOGS FEKFLPTH
    FEKFMAI6 FEKFMAIN FEKFMINE FEKFMINS FEKFMNTL FEKFNTCE FEKFOMVS
    FEKFPATT FEKFPRDS FEKFPTC  FEKFRIVP FEKFRMSG FEKFRSES FEKFRSRV
    FEKFSCMD FEKFSEND FEKFSSL  FEKFSTUP FEKFT000 FEKFT001 FEKFT002
    FEKFT003 FEKFT004 FEKFT005 FEKFT006 FEKFT007 FEKFT008 FEKFT009
    FEKFT010 FEKFT011 FEKFT012 FEKFT013 FEKFT014 FEKFT015 FEKFT016
    FEKFT017 FEKFT018 FEKFT019 FEKFT020 FEKFTIVP FEKFTRKS FEKFTSO
    FEKFUTIL FEKFVERS FEKFXITA FEKFXITL FEKFZME  FEKFZMF  FEKFZOS
    FEKHCONF FEKHCUST FEKHDEB  FEKHDESC FEKHFLOW FEKHGEN  FEKHISPF
    FEKHIVP  FEKHIVPD FEKHJESJ FEKHMAIN FEKHMIGO FEKHOPTE FEKHOPTN
    FEKHPRIM FEKHRSE1 FEKHRSEO FEKHSTRT FEKHTAB1 FEKHTAB2 FEKINIT
    FEKKEYS  FEKLOGR  FEKLOGS  FEKM00   FEKM01   FEKM02   FEKMKDIR
    FEKMOUNT FEKMSGC  FEKMSGS  FEKRACF  FEKRSED  FEKSAPF  FEKSAPPL
    FEKSBPX  FEKSCLAS FEKSCLOG FEKSCMD  FEKSCPYM FEKSCPYU FEKSDSN
    FEKSENV  FEKSETUP FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON FEKSLPA
    FEKSPROG FEKSPTKT FEKSRSED FEKSSERV FEKSSTC  FEKSSU   FEKSUSER
    FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT FEKXMAIN FEKXML
    

Fix information

  • Fixed component name

    EXP FOR Z/OS HO

  • Fixed component ID

    5655EXP23

Applicable component levels

  • R310 PSY UI66683

       UP19/12/07 P F912

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSBDYH","label":"IBM Explorer for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.0.0","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.0.0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
03 January 2020