search cancel

Signature algorithm not in signature algorithm pairs list

book

Article ID: 8608

calendar_today

Updated On:

Products

CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Compress Data Compression for MVS Compress Data Compression for Fujitsu

Issue/Introduction

We have recently implemented the CA-CCI maintenance in support of TLS 1.2. 

The maintenance is currently on several sand-boxes, we have the problem with test system and all its updated connections. 

Note that SWER connects to all non-updated systems fine. 

This on SWER for all updated systems: 

CAS9899E Task 18 Error: SSL function gsk_secure_socket_init 

CAS9899E Task 18 Error: SSL function rc = 467 -> 

CAS9899E Task 18 Error: Signature algorithm not in signature algorithm pairs list 

CAS9861I Task 18 closing (901.987.654.321):2189. 

CAS9861I Task 18 delivered 2 packets, 694 bytes. 

CAS9899W Task 7 Heart Beat Timeout with MVSN 

CAS9899I Task 7 Connection with MVSN still active 

CAS9899E Task 7 Error: SSL function gsk_secure_socket_read 

CAS9899E Task 7 Error: SSL function rc = 420 -> 

CAS9899E Task 7 Error: Socket closed by remote partner 

CAS9899E Task 7 Error: SSL I/O ErrNo = 1121 -> 

CAS9899E Task 7 Error: EDC8121I Connection reset. 

CAS9603I - CAICCI SWER DISCONNECT FROM CAICCI MVSN 

 

This on the remote side: 

CAS9899E Task 5 Error: SSL function gsk_secure_socket_init 

CAS9899E Task 5 Error: SSL function rc = 438 -> 

CAS9899E Task 5 Error: Internal error reported by remote partner 

CAS9861I Task 5 closing SWER(123.456.789.01):21721. 

CAS9861I Task 5 delivered 2 packets, 694 bytes. 

CAS9855I Task 7 has connection from SWER(123.456.789.01):1433 

CAS9855I Task 7 has connection from SWER(123.456.789.01):1438 

6 Requested cipher_spec(s) = 002F00350038003900320033, Len = 24 

CAS9899E Task 7 SWER(123.456.789.01):1438 has no certificate. 

CAS9861I Task 7 closing SWER(123.456.789.01):1438. 

CAS9861I Task 7 delivered 2 packets, 694 bytes. 

 

Same behavior seen on each remote. 

Cause

IBM and their analysis pointed at the CERT as being the issue. 

Environment

z/os R2.1

Resolution

In gathering the information there were other attached certificates in the keyring that should not have been there. 

 

They cleaned this up and it corrected the issue.