IBM Support

MF69527 - LIC-COMM-TLS TLSV1.3 IllegalParameter PSK Handshake Failure

PTF Cover Letter


PTF ( Program Temporary Fixes ) Cover letter


Order this fix

Abstract

LIC-COMM-TLS TLSV1.3 IllegalParameter PSK Handshake Failure


Pre/Co-Requisite PTF / Fix List

REQ  LICENSED           PTF/FIX  LEVEL

TYPE PROGRAM  RELEASE   NUMBER   MIN/MAX  OPTION
---- -------- --------- -------  -------  ------
PRE  5770999  V7R3M0    MF67126   00/00    0000
CO   5770999  V7R3M0    MF67161   00/00    0000
CO   5770999  V7R3M0    MF67165   00/00    0000
CO   5770999  V7R3M0    MF67173   00/00    0000



NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels.  This PTF may be a prerequisite
for future PTFs.  By applying this PTF you authorize and agree to the
foregoing.

This PTF is subject to the terms of the 'IBM License Agreement for Machine
Code', the terms of which were provided in a printed document that was
delivered with the machine.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.





APAR Error Description / Circumvention

-----------------------------------------------
A TLSv1.3 handshake fails with IllegalParameter on the server
when the client hello includes an invalid pre-shared key
extension.

CORRECTION FOR APAR MA49492 :
-----------------------------
A TLSv1.3 client hello includes a valid pre-shared key
extension.

CIRCUMVENTION FOR APAR MA49492 :
--------------------------------
None.


Activation Instructions


None.


Special Instructions


None.


Default Instructions

THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.



Supersedes

PTF/FIX NO(S).  APAR TITLE LINE
--------------  ------------------------------------------------------------
   MF69465      System TLS IllegalParameter error after HelloRetryRequest
   MF69414      A System TLS secure environment caching update is needed.
   MF69205      LIC-COMM-OTHER-PERFM LARGE WRITE OF TLS DATA
   MF69006      LIC-COMM-TLS VL2C00C790 SECURE EXCEPTION TLSv1.2 handshake f
   MF68725      OSP-UNPRED SYSTEM HANG DUE TO STREAMS UNABLE TO ALLOCATE NEW
   MF68704      LIC-COMM-OTHER-WAIT RESIDENT HEAP GROWTH CAUSED SYSTEM HANG
   MF68673      OSP-INCORROUT TLS HANDSHAKE FAILS AFTER CERTIFICATE VERIFY F
   MF68608      LIC-COMM Secure LAN Console Large Send Failure
   MF68374      LIC-COMM-TLS VL2C00C640 SECURE SEND FAILURE
   MF68258      LIC-COMM-TLS Ethernet adapter stops responding to frames due
   MF68196      LIC-COMM-TLS IBM i Native JSSE javax.net.ssl.SSLException: U
   MF68194      LIC-COM-TLS gsk_secure_soc_read() fails to receive queued da
   MF68015      SECURE TELNET CONNECT FAILURES EXCEPTION VL2C00C810
   MF67908      LIC-COMM-OTHER-PERFM LARGE WRITE OF TLS DATA
   MF67908      LIC-COMM-TLS VL2C00F930 OCSP Stapling Exception with Unknown
   MF67593      LIC-COMM-TCPIP VL2C00C800 SECURE EXCEPTION TLSV1.2 HANDSHAKE
   MF67593      LIC-COMM-TLS Expired DCM certificate causes process to run o
   MF67524      OSP-OTHER-UNPRED SYSTEM TLS FAILS TLSV1.2 SERVER HELLO WITHO
   MF67524      OSP-INCORROUT SSLV2 CLIENT HELLO ISSUE
   MF67401      Heap Trap caused MSD due to DST referencing storage after so
   MF67277      LIC-COMM-SSL System TLS OCSP stapling support
   MF67163      LIC-COMM-SSL System TLS Curve25519 and Curve448 Support
   MF60911      LIC-SSL TLS Record Loop
   MF64534      LIC-SSL System TLS ROBOT attack VU#144389
   MF64144      LIC-SSL SYSTEM TLS CLIENTHELLO DOES NOT INCLUDE EC_POINT_FOR
   MF62915      LIC-SSL TLS Alert Record Leaked
   MF60921      LIC-COMM-SSL VL2C00C630 *NETSECURE Audit
   MF61141      LIC-SSL RSA Minimum Key Size Client Auth

Summary Information
System..............................  i
Models..............................  
Release.............................  V7R3M0
Licensed Program....................  5770999
APAR Fixed..........................  View details for APAR MA49492
Superseded by:......................  
Recompile...........................  N
Library.............................  QSYS
MRI Feature ........................  NONE
Cum Level...........................  C2132730


IBM i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0","Product":{"code":"SWG60","label":"IBM i"},"Component":"5770999","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
24 May 2022