VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ03853

⇱ IJ03853: IBMCAC PROVIDER DOES NOT SUPPORT SHA224

IJ03853: IBMCAC PROVIDER DOES NOT SUPPORT SHA224

APAR status

  • Closed as program error.

Error description

  • Error Message: javax.net.ssl.SSLHandshakeException: Error
signing certificate verify when using IBMCAC provider with JSSE
.
Stack Trace: Caused by: javax.net.ssl.SSLHandshakeException:
Error signing certificate verify
at com.ibm.jsse2.k.a(k.java:6)
at com.ibm.jsse2.at.a(at.java:572)
at com.ibm.jsse2.D.a(D.java:11)
at com.ibm.jsse2.E.a(E.java:490)
at com.ibm.jsse2.E.a(E.java:245)
at com.ibm.jsse2.D.r(D.java:223)
at com.ibm.jsse2.D.a(D.java:198)
at com.ibm.jsse2.at.a(at.java:649)
at com.ibm.jsse2.at.i(at.java:627)
at com.ibm.jsse2.at.a(at.java:689)
at com.ibm.jsse2.at.startHandshake(at.java:432)
.

Local fix

  • Disable SHA224 algorithms. In java.security file update the
jdk.tls.disabledAlgorithms security property to include SHA224.
i.e. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH
keySize < 768, 3DES_EDE_CBC, DESede, EC keySize < 224, SHA224

Problem summary

  • IBMCAC and IBMJCEFIPS do not support SHA244. Disable SHA224
support when these providers are being used.

Problem conclusion

  • The associated RTC PR is 136379
The associated Austin CMVC defect is 117763
The associated Austin APAR is IJ02621
JVMs affected : Java 8, 7, and 6
The fix was delivered for: Java 8 SR5 FP10, Java 7 SR10 FP20,
Java 727 SR4 FP20, Java 6 SR16 FP60, Java 626 SR8 FP60
The affected jars: ibmjsseprovider2.jar
The build level of this jar for the affected releases is
"20171207"
.
This APAR will be fixed in the following Java Releases:
 8 SR5 FP10 (8.0.5.10)
 7 R1 SR4 FP20 (7.1.4.20)
 7 SR10 FP20 (7.0.10.20)
 6 SR16 FP60 (6.0.16.60)
 6 R1 SR8 FP60 (6.1.8.60)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ03853
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-02-01
    • 

  • Closed date
    2018-02-01
    • 

  • Last modified date
    2018-02-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 




    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020