| APAR # |
PTF # |
APAR Description |
Notes |
| OA01971 |
UA00954 |
LOOP BETWEEN GSK_READ_V3_RECORD AND USER SKREAD ROUTINE |
Loop can occur between the user supplied callback routines,
skread and skwrite, if these routines return a negative value other than -1 |
| OA02382 |
UA01625 |
GSKKYMAN LACKS OPTION TO CREATE CERTIFICATE RENEWAL ON Z/OS 1.4 |
Gskkyman untility on Z/OS 1.2 had an option to request a renewal
of a certificate from an existing certificate in the keydatabase file. On Z/OS 1.4, this option is missing. |
| OA02737 |
UA02136 |
SSL HANDSHAKE FAILS WITH RC -37 WHEN CLIENT CERTIFICATE
CONTAINS INVALID TELETEX/T61 CHARACTER |
Error ASN_CANT_CONVERT (x'014CE014') is returned when decoding an
X.509 certificate containing accented characters within an ASN.1 TELETEXSTRING field. |
| OA04226 |
UA04423 |
SSL ABENDS WHEN A CLIENT CERTIFICATE HAS A NULL FOR THE OU |
System SSL abends S0C4 when a client attempts to connect and the
specified certificate has a null in the organizational unit(ou).
|
| OA04566 |
UA05144 |
SYSTEM SSL CERTIFICATE MANAGEMENT SERVICES REFRESH |
Numerous fixes have been made to System SSL. This APAR brings the Certificate
Management Services component up to the latest service level. |
| OA14437 |
UA23757 |
SSL V3 CLIENT HANDSHAKE FAILED WITH AN ERROR 410 (BAD MESSAGE) WITH
SID CLIENT SIDE CACHING |
SSL handshake may fail for System SSL clients attempting TLSV1 for
cached sessions where the server is using SSLV3 |
| OA09297 |
UA14368 |
GSK_CLIENT_AUTH_PASSTHRU_TYPE VALIDATES CLIENT CERTIFICATE |
If gsk_attribute_set_enum is called to set GSK_CLIENT_AUTH_TYPE to
GSK_CLIENT_AUTH_PASSTHRU_TYPE System SSL should bypass client certificate validation but it does not |
| APAR # |
PTF # |
APAR Description |
Notes |
| OA14437 |
UA23757 |
SSL V3 CLIENT HANDSHAKE FAILED WITH AN ERROR 410 (BAD MESSAGE) WITH
SID CLIENT SIDE CACHING |
SSL handshake may fail for System SSL clients attempting TLSV1 for
cached sessions where the server is using SSLV3 |
| OA01971 |
UA00954 |
LOOP BETWEEN GSK_READ_V3_RECORD AND USER SKREAD ROUTINE |
Loop can occur between the user supplied callback routines,
skread and skwrite, if these routines return a negative value other than -1 |
| OA02382 |
UA01625 |
GSKKYMAN LACKS OPTION TO CREATE CERTIFICATE RENEWAL ON Z/OS 1.4 |
Gskkyman untility on Z/OS 1.2 had an option to request a renewal
of a certificate from an existing certificate in the keydatabase file. On Z/OS 1.4, this option is missing. |
| OA02737 |
UA02136 |
SSL HANDSHAKE FAILS WITH RC -37 WHEN CLIENT CERTIFICATE
CONTAINS INVALID TELETEX/T61 CHARACTER |
Error ASN_CANT_CONVERT (x'014CE014') is returned when decoding an
X.509 certificate containing accented characters within an ASN.1 TELETEXSTRING field. |
| OA04226 |
UA04423 |
SSL ABENDS WHEN A CLIENT CERTIFICATE HAS A NULL FOR THE OU |
System SSL abends S0C4 when a client attempts to connect and the
specified certificate has a null in the organizational unit(ou).
|
| OA04566 |
UA05144 |
SYSTEM SSL CERTIFICATE MANAGEMENT SERVICES REFRESH |
Numerous fixes have been made to System SSL. This APAR brings the Certificate
Management Services component up to the latest service level. |
| OW56418 |
UW94302 |
RACDCERT EXPORT CREATING PKCS#12 PACKAGES
THAT DO NOT CONFORM TOASN.1 STANDARD |
RACDCERT EXPORT creating PKCS#12 packages that do not conform to
ASN.1 standard therefore can not be imported. |
| APAR # |
PTF # |
APAR Description |
Notes |
| OW51164 |
UW84120 UW84121 |
SSL ENHANCEMENTS |
Addressing requirement to provide basic Certificate
Management APIs to read certificates from a SAF keyring, lookup a particular certificate
by label, index or subject name and APIs for support creating and processing PKCS #7(Cryptographic
Message Standard) messages |
| OW52700 |
UW85215 |
SYSTEM SSL ENHANCEMENT TO SUPPORT RACF CERTIFICATES
DEFINED WITH RSA PRIVATE KEYS STORED IN ICSF |
Enhance System SSL to support the use of RACF
certificates which have their private keys stored in ICSF(hardware crypto.) |
| OW54083 |
UW88756 |
SSL CONNECTION USING WRONG CIPHERSPEC |
SSL connection is allowed to be wrongly established
using a cached session id when the specified connection cipher suite(s) do not match the
cipher within the cached session id |
| OW56144 |
UW93993 |
GSK_KEYFILE_BAD_PASSWORD IF PASSWORD IS GREATER THAN
8 CHARACTERS WITH A KDB FILE |
System SSL gskkyman command has been updated to support
passwords greater than 8 characters for the key database file and passwords associated with the
export (.p12) files |
| OA04566 |
UA05143 |
SYSTEM SSL CERTIFICATE MANAGEMENT SERVICES REFRESH |
Numerous fixes have been made to System SSL. This APAR brings the Certificate
Management Services component up to the latest service level. |
| APAR # |
PTF # |
APAR Description |
Notes |
| OW44153 |
UW70444 |
SSL GSK_INITIALIZE CALL HANGS AND GETS PROTECTION EXCEPTION |
SSL application executed as a started task received RC2 from
gsk_initialize when using RACF key ring. Also, gsk_initialize hanging with protection exception. Also,
System SSL rebuilt to exploit performance enhancements when using hardware crypto |
| OW46430 |
UW75960 |
SYSTEM SSL HARDWARE PERFORMANCE |
System SSL needs to be relinked with the latest
bsafe code, in order to take maximum advantage of ICSF performance changes |
| OW48118 |
UW79754 |
IMW6310E SSL SUPPORT INITIALIZATION FAILED |
IMW6310E message occurs when using kdb files generated
under ikeyman on OS/390 R9 and used under R10 with System SSL. Certs. that contain special
characters like & or * and ASN.1 are encoded incorrectly |
| OW51164 |
UW84118 UW84119 |
SSL ENHANCEMENTS |
Addressing requirement to provide basic Certificate
Management APIs to read certificates from a SAF keyring, lookup a particular certificate
by label, index or subject name and APIs for support creating and processing PKCS #7(Cryptographic
Message Standard) messages |
| OW51648 |
UW83574 |
SYSTEM SSL S0C4 GSK_SECURE_SOC_INIT |
S0C4 abend occured during the SSL handshake process
in the ReadV2Msg function |
| OW52700 |
UW85214 |
SYSTEM SSL ENHANCEMENT TO SUPPORT RACF CERTIFICATES
DEFINED WITH RSA PRIVATE KEYS STORED IN ICSF |
Enhance System SSL to support the use of RACF
certificates which have their private keys stored in ICSF(hardware crypto.) |
| OW54083 |
UW88754 |
SSL CONNECTION USING WRONG CIPHERSPEC |
SSL connection is allowed to be wrongly established
using a cached session id when the specified connection cipher suite(s) do not match the
cipher within the cached session id |
| OA04566 |
UA05142 |
SYSTEM SSL CERTIFICATE MANAGEMENT SERVICES REFRESH |
Numerous fixes have been made to System SSL. This APAR brings the Certificate
Management Services component up to the latest service level. |