PH63495: EYUCMCIJ JVMSERVER DOES NOT ENABLE WHEN USING JAVA 11/17 AND A KEYSTORE TYPE OF JCEHYBRIDRACFKS

A fix is available

APAR status

Closed as program error.

Error description

The JVMSERVER's stderr will show:

java.lang.ExceptionInInitializerError which is caused by:

Caused by: java.lang.SecurityException: Can not initialize
  cryptographic mechanism
    at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.
      java:191)
    ... 30 more
Caused by: IBMJCEHybridException: Failover exhausted, all
  registered providers attempted and failed.

and

Exception#0 com.ibm.crypto.hdwrCCA.provider.
JCECCARuntimeException: Hardware error from call CSNDDSV
returnCode 12 reasonCode 11060

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: All CICS users.                              *
****************************************************************
* PROBLEM DESCRIPTION: CMCI JVM server fails to enable with    *
*                      exception ExceptionInInitializerError   *
*                      when using Java 11+ and hardware        *
*                      keystore.                               *
****************************************************************
When using a hardware cryptography on a SMSSJ/CMCI WUI's JVM
server, the JVM server will fail to enable with exception
ExceptionInInitializerError. This is because the IBMJCE provider
is selected which does not provide hardware cryptography.

Alternatively you may see the following exceptions:
Caused by: java.lang.RuntimeException: Problem creating
SSLEngine using protocol "Default"
Caused by: java.security.NoSuchAlgorithmException: Error
constructing implementation (algorithm: Default, provider:
SunJSSE, class: sun.security.ssl.SSLContextImpl$
DefaultSSLContext)
Caused by: java.security.KeyManagementException: problem
accessing trust store

Problem conclusion

CICS has been changed so that the correct provider is selected
when using hardware cryptography on a CMCI JVM server.

Temporary fix

Comments

APAR Information

APAR number
PH63495
Reported component name
CICS TS Z/OS V6
Reported component ID
5655YA100
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-10-01
Closed date
2024-11-20
Last modified date
2024-12-03

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

UI99132

Modules/Macros

```
DFJ@H571
```

Fix information

Fixed component name
CICS TS Z/OS V6
Fixed component ID
5655YA100

Applicable component levels

R500 PSY UI99132
UP24/11/23 P F411 ¢

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.2","Line of Business":{"code":"LOB70","label":"Z TPS"}}]

Document Information

Modified date:
03 December 2024

Tips

PH63495: EYUCMCIJ JVMSERVER DOES NOT ENABLE WHEN USING JAVA 11/17 AND A KEYSTORE TYPE OF JCEHYBRIDRACFKS

A fix is available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R500 PSY UI99132

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Share your feedback

Need support?