PI59509: SSLC0008E SSLHANDSHAKE EXCEPTION AFTER TURNING OFF TLSV1 PROTOCOL

Fixes are available

APAR status

Closed as program error.

Error description

SSLC0008E SSLHandshake exception after turning off TLSv1
protocol

Configured SSL_TLSv2 in all SSL configuration and updated the
java.security file to turn off TLSv1 protocol using property
"jdk.tls.disabledAlgorithms=TLSv1"  After that we are seeing
the SSLHandshake exception.

This is problem happens only with when you are using JDK1.7

SSLHandshakeE E   SSLC0008E: Unable to initialize SSL
connection.  Unauthorized access was denied or
security settings have expired.  Exception is
javax.net.ssl.SSLException: Received fatal alert:
handshake_failure

Local fix

```
na
```

Problem summary

****************************************************************
* USERS AFFECTED:  IBM WebSphere Application Server Version    *
*                  8.5.5 users of the SSL Channel              *
****************************************************************
* PROBLEM DESCRIPTION: The SSL Channel might reset the         *
*                      SSLEngine to TLSv1.0 even if that       *
*                      protocol is disabled.                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If the SSL Channel resets the SSLEngine to its default value,
the TLS protocol that will be set is TLSv1.0. An SSL Handshake
Exception might occur if TLSv1.0 was set to be disabled. The
following is an example of the exception:
SSLHandshakeE E  SSLC0008E: Unable to initialize SSL
connection. Unauthorized access was denied or security
settings have expired. Exception is javax.net.ssl.SSLException:
Received fatal alert: handshake_failure
at com.ibm.jsse2.j.a(j.java:24)
at com.ibm.jsse2.an.a(an.java:392)
at com.ibm.jsse2.an.a(an.java:415)
at com.ibm.jsse2.an.j(an.java:152)
at com.ibm.jsse2.an.b(an.java:528)

Problem conclusion

The SSL Channel was modified to correctly set the enabled
protocol.

The fix for this APAR is currently targeted for inclusion in
fix pack 8.5.5.10.  Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PI59509
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-21
Closed date
2016-04-28
Last modified date
2016-04-28

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800

Applicable component levels

R850 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022

Tips

PI59509: SSLC0008E SSLHANDSHAKE EXCEPTION AFTER TURNING OFF TLSV1 PROTOCOL

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R850 PSY

Document Information

Share your feedback

Need support?