Transport Layer Security (TLS) return codes for z/OS
IBM MQ for z/OSĀ® can use TLS with the various communication protocols. Use this topic to identify the error codes that can be returned by TLS.
Table 1 in this appendix documents the return codes, in decimal form, from the TLS that can be returned in messages from the distributed queuing component.
Table 2 in this appendix documents the return codes, in hexadecimal form, from the TLS function 'gsk_fips_state_set' that can be returned in messages from the distributed queuing component.
If the return code is not listed, or if you want more information, see z/OS Cryptographic Services System SSL Programming - SSL Function Return Codes.
| Return code (decimal) | Explanation |
|---|---|
| 1 | Handle is not valid. |
| 3 | An internal error has occurred. |
| 4 | Insufficient storage is available |
| 5 | Handle is in the incorrect state. |
| 6 | Key label is not found. |
| 7 | No certificates available. |
| 8 | Certificate validation error. |
| 9 | Cryptographic processing error. |
| 10 | ASN processing error. |
| 11 | LDAP processing error. |
| 12 | An unexpected error has occurred. |
| 102 | Error detected while reading key database or SAF key ring. |
| 103 | Incorrect key database record format. |
| 106 | Incorrect key database password. |
| 109 | No certificate authority certificates. |
| 201 | No key database password supplied. |
| 202 | Error detected while opening the key database. |
| 203 | Unable to generate temporary key pair |
| 204 | Key database password is expired. |
| 302 | Connection is active. |
| 401 | Certificate is expired or is not valid yet. |
| 402 | No TLS cipher specifications. |
| 403 | No certificate received from partner. |
| 405 | Certificate format is not supported. |
| 406 | Error while reading or writing data. |
| 407 | Key label does not exist. |
| 408 | Key database password is not correct. |
| 410 | TLS message format is incorrect. |
| 411 | Message authentication code is incorrect. |
| 412 | TLS protocol or certificate type is not supported. |
| 413 | Certificate signature is incorrect. |
| 414 | Certificate is not valid. |
| 415 | TLS protocol violation. |
| 416 | Permission denied. |
| 417 | Self-signed certificate cannot be validated. |
| 420 | Socket closed by remote partner. |
| 421 | SSL V2 cipher is not valid. |
| 422 | SSL V3 cipher is not valid. |
| 427 | LDAP is not available. |
| 428 | Key entry does not contain a private key. |
| 429 | SSL V2 header is not valid. |
| 431 | Certificate is revoked. |
| 432 | Session renegotiation is not allowed. |
| 433 | Key exceeds allowable export size. |
| 434 | Certificate key is not compatible with cipher suite. |
| 435 | certificate authority is unknown. |
| 436 | Certificate revocation list cannot be found. |
| 437 | Connection closed. |
| 438 | Internal error reported by remote partner. |
| 439 | Unknown alert received from remote partner. |
| 440 | Incorrect key usage. |
| 442 | Multiple certificates exist for label. |
| 443 | Multiple keys are marked as the default. |
| 444 | Error encountered generaing random bytes. |
| 445 | Key database is not a FIPS mode database. |
| 446 | TLS extension mismatch has been encountered. |
| 447 | Required TLS extension has been rejected. |
| 448 | Requested server name is not recognized. |
| 449 | Unsupported fragment length was received. |
| 450 | TLS extension length field is not valid. |
| 451 | Elliptic Curve is not supported. |
| 452 | EC Parameters not supplied. |
| 453 | Signature not supplied. |
| 454 | Elliptic Curve parameters are not valid. |
| 455 | ICSF services are not available. |
| 456 | ICSF callable services returned a error. |
| 457 | ICSF PKCS#11 not operating in FIPS mode. |
| 458 | The SSL V3 expanded cipher is not valid. |
| 459 | Elliptic Curve is not supported in FIPS mode. |
| 460 | Required TLS Renegotiation Indication not received. |
| 461 | EC domain parameter format is not supported. |
| 462 | Elliptic Curve point format is not supported. |
| 463 | Cryptographic hardware does not support service or algorithmn. |
| 464 | Elliptic curve list is not valid. |
| 466 | Signature algorithm pairs list is not valid. |
| 467 | Signature algorithm not in signature algorithm pairs list. |
| 468 | Certificate key algorithm not in signature algorithm pairs list. |
| 501 | Buffer size is not valid. |
| 502 | Socket request would block. |
| 503 | Socket read request would block. |
| 504 | Socket write request would block. |
| 505 | Record overflow. |
| 601 | Protocol is not TLS V1.0, TLS V1.1, or TLS V1.2. |
| 602 | Function identifier is not valid. |
| 603 | Specified function enumeration is not valid. |
| 604 | Send sequence number is near maxumum value. |
| 701 | Attribute identifier is not valid. |
| 702 | Attribute length is not valid. |
| 703 | Enumeration is not valid. |
| 704 | Session identifier cache callback is not valid. |
| 705 | Numeric value is not valid. |
| 706 | Attribute parameter is not valid. |
| 707 | TLS extension type is not valid. |
| 708 | Supplied TLS extension data is not valid. |
| Return code (hexadecimal) | Explanation |
|---|---|
| 03353050 | The enumeration value is not valid or it cannot be set due to the current state. |
| 0335306B | The System SSL FIPS mode state cannot be changed to FIPS mode because it is currently not in FIPS mode. |
| 0335306C | The request to execute in FIPS mode failed because the Cryptographic Services Security Level 3 FMID is not installed so that the required System SSL DLLs could not be loaded. |
| 03353067 | The power on known answer tests failed. FIPS mode cannot be set. |