Transport Layer Security (TLS) return codes for z/OS
IBM MQ for z/OS can use TLS with the various communication protocols. Use this topic to identify the error codes that can be returned by TLS.
Table 1 in this appendix documents the return codes, in decimal form, from the TLS that can be returned in messages from the distributed queuing component. Table 2 in this appendix documents the return codes, in hexadecimal form, from the TLS function 'gsk_fips_state_set' that can be returned in messages from the distributed queuing component.If the return code is not listed, or if we want more information, see z/OS Cryptographic Services System SSL Programming - SSL Function Return Codes.
Return code (decimal) | Explanation |
---|---|
1 | Handle is not valid. |
3 | An internal error has occurred. |
4 | Insufficient storage is available |
5 | Handle is in the incorrect state. |
6 | Key label is not found. |
7 | No certificates available. |
8 | Certificate validation error. |
9 | Cryptographic processing error. |
10 | ASN processing error. |
11 | LDAP processing error. |
12 | An unexpected error has occurred. |
102 | Error detected while reading key database or SAF key ring. |
103 | Incorrect key database record format. |
106 | Incorrect key database password. |
109 | No certificate authority certificates. |
201 | No key database password supplied. |
202 | Error detected while opening the key database. |
203 | Unable to generate temporary key pair |
204 | Key database password is expired. |
302 | Connection is active. |
401 | Certificate is expired or is not valid yet. |
402 | No TLS cipher specifications. |
403 | No certificate received from partner. |
405 | Certificate format is not supported. |
406 | Error while reading or writing data. |
407 | Key label does not exist. |
408 | Key database password is not correct. |
410 | TLS message format is incorrect. |
411 | Message authentication code is incorrect. |
412 | TLS protocol or certificate type is not supported. |
413 | Certificate signature is incorrect. |
414 | Certificate is not valid. |
415 | TLS protocol violation. |
416 | Permission denied. |
417 | Self-signed certificate cannot be validated. |
420 | Socket closed by remote partner. |
421 | SSL 2.0 cipher is not valid. |
422 | SSL 3.0 cipher is not valid. |
427 | LDAP is not available. |
428 | Key entry does not contain a private key. |
429 | SSL 2.0 header is not valid. |
431 | Certificate is revoked. |
432 | Session renegotiation is not allowed. |
433 | Key exceeds allowable export size. |
434 | Certificate key is not compatible with cipher suite. |
435 | certificate authority is unknown. |
436 | Certificate revocation list cannot be found. |
437 | Connection closed. |
438 | Internal error reported by remote partner. |
439 | Unknown alert received from remote partner. |
440 | Incorrect key usage. |
442 | Multiple certificates exist for label. |
443 | Multiple keys are marked as the default. |
444 | Error encountered generaing random bytes. |
445 | Key database is not a FIPS mode database. |
446 | TLS extension mismatch has been encountered. |
447 | Required TLS extension has been rejected. |
448 | Requested server name is not recognized. |
449 | Unsupported fragment length was received. |
450 | TLS extension length field is not valid. |
451 | Elliptic Curve is not supported. |
452 | EC Parameters not supplied. |
453 | Signature not supplied. |
454 | Elliptic Curve parameters are not valid. |
455 | ICSF services are not available. |
456 | ICSF callable services returned a error. |
457 | ICSF PKCS#11 not operating in FIPS mode. |
458 | The SSL 3.0 expanded cipher is not valid. |
459 | Elliptic Curve is not supported in FIPS mode. |
460 | Required TLS Renegotiation Indication not received. |
461 | EC domain parameter format is not supported. |
462 | Elliptic Curve point format is not supported. |
463 | Cryptographic hardware does not support service or algorithmn. |
464 | Elliptic curve list is not valid. |
466 | Signature algorithm pairs list is not valid. |
467 | Signature algorithm not in signature algorithm pairs list. |
468 | Certificate key algorithm not in signature algorithm pairs list. |
501 | Buffer size is not valid. |
502 | Socket request would block. |
503 | Socket read request would block. |
504 | Socket write request would block. |
505 | Record overflow. |
601 | Protocol is not TLS 1.0, TLS 1.1, or TLS 1.2. |
602 | Function identifier is not valid. |
603 | Specified function enumeration is not valid. |
604 | Send sequence number is near maxumum value. |
701 | Attribute identifier is not valid. |
702 | Attribute length is not valid. |
703 | Enumeration is not valid. |
704 | Session identifier cache callback is not valid. |
705 | Numeric value is not valid. |
706 | Attribute parameter is not valid. |
707 | TLS extension type is not valid. |
708 | Supplied TLS extension data is not valid. |
Return code (hexadecimal) | Explanation |
---|---|
03353050 | The enumeration value is not valid or it cannot be set due to the current state. |
0335306B | The System SSL FIPS mode state cannot be changed to FIPS mode because it is currently not in FIPS mode. |
0335306C | The request to execute in FIPS mode failed because the Cryptographic Services Security Level 3 FMID is not installed so that the required System SSL DLLs could not be loaded. |
03353067 | The power on known answer tests failed. FIPS mode cannot be set. |