Troubleshooting
Problem
TLSv1.3 handshakes that use the pre-shared key extension can fail with an IllegalParameter alert and GSK_ERROR_BAD_PEER. This issue was reported in IBM APAR MF49492.
Resolving The Problem
TLSv1.3 handshakes that use the pre-shared key extension can fail with an IllegalParameter alert and GSK_ERROR_BAD_PEER. This issue was reported in IBM APAR MF49492. IBM recommends you download and apply the individual PTFs to resolve this issue. The individual PTFs can be applied immediately or delayed.
Release 7.3 -- MF69527
Release 7.4 -- MF69523
Check if any of the following actions were taken to mitigate the issue:
Release 7.3 -- MF69527
Release 7.4 -- MF69523
Check if any of the following actions were taken to mitigate the issue:
- If *TLSV1.3 was disabled in system value QSSLPCL or System Service Tools (SST) Advanced Analysis command TLSCONFIG option eligibleDefaultProtocols, re-enable the protocol.
- If *AES_128_GCM_SHA256 or *AES_256_GCM_SHA384 were disabled in system value QSSLCSL or TLSCONFIG option eligibleDefaultCipherSuites, re-enable the cipher suites.
- If secure session caching was disabled, re-enable secure session caching.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CIJAA2","label":"SSL TLS Communications"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0;7.4.0"}]
Was this topic helpful?
Document Information
Modified date:
11 February 2022
UID
ibm16555396