MF69523 - LIC-COMM-TLS TLSV1.3 IllegalParameter PSK Handshake Failure

TYPE PROGRAM  RELEASE   NUMBER   MIN/MAX  OPTION
---- -------- --------- -------  -------  ------
PRE  5770999  V7R4M0    MF66667   00/00    0000
CO   5770999  V7R4M0    MF69066   00/00    0000



NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels.  This PTF may be a prerequisite
for future PTFs.  By applying this PTF you authorize and agree to the
foregoing.

This PTF is subject to the terms of the 'IBM License Agreement for Machine
Code', the terms of which were provided in a printed document that was
delivered with the machine.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.





APAR Error Description / Circumvention

-----------------------------------------------
A TLSv1.3 handshake fails with IllegalParameter on the server
when the client hello includes an invalid pre-shared key
extension.

CORRECTION FOR APAR MA49492 :
-----------------------------
A TLSv1.3 client hello includes a valid pre-shared key
extension.

CIRCUMVENTION FOR APAR MA49492 :
--------------------------------
None.


Activation Instructions


None.




Special Instructions


None.


Default Instructions

THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.



Supersedes

PTF/FIX NO(S).  APAR TITLE LINE
--------------  ------------------------------------------------------------
   MF69461      System TLS IllegalParameter error after HelloRetryRequest
   MF69413      A System TLS secure environment caching update is needed.
   MF69156      LIC-COMM-OTHER-PERFM LARGE WRITE OF TLS DATA
   MF69067      LIC-COMM-TLS System TLS persistent storage support
   MF68838      LIC-COMM-TLS COMMUNICATIONS DROP INTERMITTENTLY
   MF68715      OSP-UNPRED SYSTEM HANG DUE TO STREAMS UNABLE TO ALLOCATE NEW
   MF68705      LIC-COMM-OTHER-WAIT RESIDENT HEAP GROWTH CAUSED SYSTEM HANG
   MF68674      OSP-INCORROUT TLS HANDSHAKE FAILS AFTER CERTIFICATE VERIFY F
   MF68599      LIC-COMM Secure LAN Console Large Send Failure
   MF68375      LIC-COMM-TLS VL2C00C640 SECURE SEND FAILURE
   MF68251      LIC-COMM-TLS Ethernet adapter stops responding to frames due
   MF68195      LIC-COMM-TLS IBM i Native JSSE javax.net.ssl.SSLException: U
   MF68105      LIC-COM-TLS gsk_secure_soc_read() fails to receive queued da
   MF67905      LIC-COMM-OTHER-PERFM LARGE WRITE OF TLS DATA
   MF67905      LIC-COMM-TLS VL2C00F930 OCSP Stapling Exception with Unknown
   MF67905      LIC-COMM-TLS TLSV1.2 Cached handshake fails GSK_ERROR_BAD_PE
   MF67570      LIC-COMM-TCPIP VL2C00C800 SECURE EXCEPTION TLSV1.2 HANDSHAKE
   MF67570      LIC-COMM-TLS Expired DCM certificate causes process to run o
   MF66864      LIC-COM-SSL System TLS TLSv1.3 Close Notify Alert Failure
   MF67402      Heap Trap caused MSD due to DST referencing storage after so
   MF67261      LIC-COMM-SSL System TLS OCSP stapling support
   MF66738      LIC-COMM-SSL System TLS Curve25519 and Curve448 Support
   MF65857      LIC-SSL ChaCha20Poly1305 System TLS Support

Summary Information
System..............................  i
Models..............................  
Release.............................  V7R4M0
Licensed Program....................  5770999
APAR Fixed..........................  View details for APAR MA49492
Superseded by:......................  
Recompile...........................  N
Library.............................  QSYS
MRI Feature ........................  NONE
Cum Level...........................  C2125740

IBM i Support