Signature algorithm not in signature algorithm pairs list

book

Article ID: 8608

calendar_today

Updated On:

Products

CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Compress Data Compression for MVS CA Compress Data Compression for Fujitsu

Issue/Introduction

We have recently implemented the CA-CCI maintenance in support of TLS 1.2. 

The maintenance is currently on several sand-boxes, we have the problem with test system and all its updated connections. 

Note that SWER connects to all non-updated systems fine. 

This on SWER for all updated systems: 

CAS9899E Task 18 Error: SSL function gsk_secure_socket_init 

CAS9899E Task 18 Error: SSL function rc = 467 -> 

CAS9899E Task 18 Error: Signature algorithm not in signature algorithm pairs list 

CAS9861I Task 18 closing (901.987.654.321):2189. 

CAS9861I Task 18 delivered 2 packets, 694 bytes. 

CAS9899W Task 7 Heart Beat Timeout with MVSN 

CAS9899I Task 7 Connection with MVSN still active 

CAS9899E Task 7 Error: SSL function gsk_secure_socket_read 

CAS9899E Task 7 Error: SSL function rc = 420 -> 

CAS9899E Task 7 Error: Socket closed by remote partner 

CAS9899E Task 7 Error: SSL I/O ErrNo = 1121 -> 

CAS9899E Task 7 Error: EDC8121I Connection reset. 

CAS9603I - CAICCI SWER DISCONNECT FROM CAICCI MVSN 

 

This on the remote side: 

CAS9899E Task 5 Error: SSL function gsk_secure_socket_init 

CAS9899E Task 5 Error: SSL function rc = 438 -> 

CAS9899E Task 5 Error: Internal error reported by remote partner 

CAS9861I Task 5 closing SWER(123.456.789.01):21721. 

CAS9861I Task 5 delivered 2 packets, 694 bytes. 

CAS9855I Task 7 has connection from SWER(123.456.789.01):1433 

CAS9855I Task 7 has connection from SWER(123.456.789.01):1438 

6 Requested cipher_spec(s) = 002F00350038003900320033, Len = 24 

CAS9899E Task 7 SWER(123.456.789.01):1438 has no certificate. 

CAS9861I Task 7 closing SWER(123.456.789.01):1438. 

CAS9861I Task 7 delivered 2 packets, 694 bytes. 

 

Same behavior seen on each remote. 

Cause

IBM and their analysis pointed at the CERT as being the issue. 

Environment

z/os R2.1

Resolution

In gathering the information there were other attached certificates in the keyring that should not have been there. 

 

They cleaned this up and it corrected the issue. 

 

Powered by Wolken Software