APAR status
Closed as program error.
Error description
Error Message: error: java.lang.RuntimeException: Could not generate MLKEM Secret Key : ...Caused by: java.security.InvalidKeyException: An incorrect key was specified. Key must be either a PQCPublicKey or a PQCKEMSecret.with X25519MLKEM768 is enabled. . Stack Trace: <OSB>2/5/26 8:32:24:060 CET<CSB> 00000343 SystemOut O javax.net.ssl<PIPE>WARNING<PIPE>03 43<PIPE>pool-8-thread-27<PIPE>2026-02-05 08:32:24.060 CET<PIPE>Thread.java:1175<PIPE>handling exception ( "throwable" : { java.lang.RuntimeException: Could not generate MLKEM Secret Key at com.ibm.jsse2.P$d.d(P$d.java:26) at com.ibm.jsse2.ap$d.a(ap$d.java:41) at com.ibm.jsse2.o.a(o.java:137) ... Caused by: java.security.InvalidKeyException: An incorrect key was specified. Key must be either a PQCPublicKey or a PQCKEMSecret. at com.ibm.crypto.plus.provider.PQCKEMKeyAgreementImpl.engineDoPhas e(PQCKEMKeyAgreementImpl.java:78) at javax.crypto.KeyAgreement.doPhase(KeyAgreement.java:93) at com.ibm.jsse2.P$d.d(P$d.java:57) ... 32 more} . Disabling X25519MLKEM768 the problem goes away
Local fix
Disable the PQC Hybrid Key Exchange algorithms
Problem summary
PQC Hybrid Key Exchange algorithms are not thread safe
Problem conclusion
Binary affected - ibmjsseprovider2.jar GIT Issue - 400 RTC - 153870 Build - 8.0 build_20260309--612 JVM to be delivered in - JDK 8 SR8FP65 . This APAR will be fixed in the following Releases: . IBM Semeru Runtimes IBM SDK, Java Technology Edition 8 SR8 FP65 (8.0.8.65) . Downloads and supplementary documentation can be found at the following locations: - For non z/OS operating systems: - IBM Semeru Runtimes, Version 11 and later https://www.ibm.com/semeru-runtimes/downloads/ - IBM SDK, Java Technology Edition, Version 8 https://www.ibm.com/support/pages/java-sdk-downloads/ - For the z/OS operating system: - Java SDK Products on z/OS https://www.ibm.com/support/pages/java-sdk-products-zos
Temporary fix
Comments
APAR Information
APAR number
IJ57653
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2026-03-14
Closed date
2026-03-18
Last modified date
2026-03-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Document Information
Modified date:
18 March 2026