APAR status
Closed as program error.
Error description
IHS captures the following error with TLS1.3 enabled SSL0212E: SSL Handshake Failed, Internal unknown error. Report problem to service...
Local fix
Disable SSL Session reuse (session tickets) under TLS13: SSLAttributeSet 4039 0
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * **************************************************************** * PROBLEM DESCRIPTION: Handshakes fail with SSL0212E with * * TLS1.3 enabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** Handshakes fail with SSL0212E when a handshake is attempted to be resumed after the SSLV3Timeout has expired, or SSL0200E is logged with GSK_ERROR_ILLEGAL_PARAMETER.
Problem conclusion
GSKit was updated to 8.0.55.13 to resolve multiple TLS 1.3 issues: - SSL0212E errors during TLSv13 session resumption - SSL0200E error referencing GSK_ERROR_ILLEGAL_PARAMETER (ECDSA certificate error) The fix for this APAR is targeted for inclusion in fix packs 9.0.5.4. For more information, see 'Recommended Updates for WebSphere Application Server': http://www.ibm.com/support/docview.wss? rs=180&uid=swg27004980 Note: the same level of GSKit is provided in 8.5.5.18 and later to pick up other cumulative GSKit fixes, even though the particular symptom in this APAR is unreachable due to the absence of TLS 1.3 in IHS 8.5.5.
Temporary fix
Comments
APAR Information
APAR number
PH21804
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-02-05
Closed date
2020-04-14
Last modified date
2020-10-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R900 PSY
UP
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0"}]
Document Information
Modified date:
07 September 2022