'System SSL: SHA-512 crypto assist is not available' is displayed on mainframe
2 years ago
Originally Published: 2008-07-26
Article Number
000045881
Applies To
RSA Key Manager Client
Issue
"System SSL: SHA-512 crypto assist is not available" is displayed on mainframe

This is a message from the IBM SSL implementation to indicate that the SHA-512 algorithm is not available.  If the fix described below has been applied to IBM System SSL, the message can be turned off by setting the GSK_SSL_HW_DETECT_MESSAGE environment variable to 0:

http://www-1.ibm.com/support/docview.wss?uid=isg1OA25022

OA25022: SYSTEM SSL: SHA-512 CRYPTO ASSIST IS NOT AVAILABLE MESSAGE IS SEEN IN STRERR EVEN WITH GSK_SSL_HW_DETECT_MESSAGE=0.

APAR status
Closed as program error.

Error description
The message 'System SSL: SHA-512 crypto assist is not available'
is seen in stderr even if the Environment variable
GSK_SSL_HW_DETECT_MESSAGE is coded as a 0.

The problem is that the { } braces are missing in the following
if statement, so the SHA-512 message will always be written.
  if (detect_messages)
    fprintf(stderr, "System SSL: SHA-384 crypto assist is not available\n");
    fprintf(stderr, "System SSL: SHA-512 crypto assist is not available\n");

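The effect of the missing braces, shown as an added example that is not IBM's or RSA's code: the defective form next to the braced form, each returning how many messages it wrote. The function names, the FILE * parameter and the return value are assumptions made for this demonstration.

```c
#include <stdio.h>

#define MSG_384 "System SSL: SHA-384 crypto assist is not available\n"
#define MSG_512 "System SSL: SHA-512 crypto assist is not available\n"

/* Both functions model the path where neither assist was detected and
 * return how many messages they wrote (return value added for checking). */

/* GCC reports the form below under -Wmisleading-indentation (enabled by
 * -Wall); it is silenced here only so the "before" code builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
int report_unbraced(int detect_messages, FILE *out)
{
    int written = 0;
    if (detect_messages)
        written += fprintf(out, MSG_384) > 0;
        written += fprintf(out, MSG_512) > 0;   /* not guarded: always runs */
    return written;
}
#pragma GCC diagnostic pop

/* Corrected form: the braces put both messages under the flag. */
int report_braced(int detect_messages, FILE *out)
{
    int written = 0;
    if (detect_messages) {
        written += fprintf(out, MSG_384) > 0;
        written += fprintf(out, MSG_512) > 0;
    }
    return written;
}

int main(void)
{
    /* 0 and 1 stand for the parsed GSK_SSL_HW_DETECT_MESSAGE setting. */
    for (int flag = 0; flag <= 1; flag++) {
        int before = report_unbraced(flag, stderr);
        int after = report_braced(flag, stderr);
        printf("flag=%d unbraced=%d braced=%d\n", flag, before, after);
    }
    return 0;
}
```

With the flag at 0 the unbraced form still writes one message, which is the behaviour the APAR describes; the braced form writes none.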
Local fix

Problem summary
****************************************************************
* USERS AFFECTED: Users of System SSL that have applied new    *
*                 function APAR OA22451.                       *
****************************************************************
* PROBLEM DESCRIPTION: SHA-512 hardware detection message      *
*                      displays to user.                       *
****************************************************************
* RECOMMENDATION: APPLY PTF                                    *
****************************************************************
The message is output by new code introduced by the addition of
the new function - support for the SHA-512 digest algorithm.
During hardware detection the new code outputs a new message to
the stderr interface advising that "SHA-512 crypto assist is not
available" when SHA-512 support is not detected through CPACF.
The message is correct, but is output regardless of the
GSK_SSL_HW_DETECT_MESSAGE environment variable setting, which
the message reporting would normally depend on.
Problem conclusion
System SSL has been modified so that during hardware detection,
if SHA-512 support is not detected, then the message "SHA-512
crypto assist is not available" is only output to stderr if the
GSK_SSL_HW_DETECT_MESSAGE environment variable is set to do so.
*--------------------------------------------------------------*
* The following defect is included in this fix:                *
*                                                              *
* 2296 HW Detection message always output - SHA-512 not        *
*      available                                               *
*--------------------------------------------------------------*