PQ89967: GSK_DECRYPT_V3_RECORD(): SHA-1 DIGEST INCORRECT FOR MESSAGE BBOU0639E FUNCTION READ() FAILED WITH RV=-12, RC=0, RSN=00000000 | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Customer had an application in which one ejb in one server made a call to another ejb in another server using RMI-IIOP. When the RMI-IIOP is secured using SSL the calling server fails with: . Trace: 2004/06/04 15:12:13.155 01 t=9CE9D8 c=UNK key=S2 (0000000A) Description: Log Boss/390 Error from filename: ./bbocsses.cpp at line: 2513 error message: BBOU0639E Function read() failed with RV=-12, RC=0,RSN=00000000, . Enabling an SSL trace for the calling server will show the ERROR gsk_decrypt_v3_record(): SHA-1 digest incorrect for message ASCII gsk_decrypt_v3_record(): Failing message 22445af3 a207435a d4b031d2 5587b1e8 *"DZ...CZ..1.U...* fd6d2133 8e069e53 44eae7d9 382961b0 *.m!3...SD...8)a.* ddb4613e 01fb9366 *..a>...f * . The decrypted message will not be readable. . To diagnose the problem enable a TRACEDETAIL=(3,4,E), and obtain an SSL trace for both the calling server and server being called.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: IIOP requests over an SSL encrypted * * socket may encounter COMM_FAILURE * * exceptions with minor codes C9C20CAE, * * C9C21149, or C9C20C5E. These * * exceptions will be accompanied by the * * message: * * BBOU0639E: Function read() failed with * * RV=-12, RC=xxx, RSN=xxxxxxxx * **************************************************************** * RECOMMENDATION: * **************************************************************** When WebSphere performed asynchronous reads from an SSL encrypted socket, the read request was made for the maximum size of an SSL record. While this generally resulted in the consumption of a single SSL record, it was possible to receive multiple records. After consuming the expected SSL record, the remainder of the data received from the socket was abandoned. The loss of the additional data was detected by System SSL when the Message Authentication Code check failed. This failure caused System SSL to return GSK_ERR_BAD_MAC (-12) from gsk_secure_socket_read. In response to this return code, a COMM_FAILURE exception was raised. These are some of the failures seen in the server: BBOU0639E Function read() failed with RV=-12, RC=XXX, RSN=XXXXXXX, EDC5113I Bad file descriptor. BBOU0051E Internal communications error: REASON=C9C2XXXXProblem conclusion The the amount of data requested on the asynchronous reads from SSL encrypted sockets has changed from the maximum SSL record size to the size of the SSL record header. This change ensures that no more than one SSL record will ever be consumed for processing by a single socket read. APAR PQ89967 is associated with SERVICE LEVEL W502013 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PQ89906 APAR is sysrouted TO one or more of the following: PQ89968 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ89967.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ89967
IBM Group: Software Group
Modified date: Aug 4, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.