"System SSL: SHA-512 crypto assist is not available" is displayed on mainframe
This is a message from the IBM SSL implementation to indicate that the SHA-512 algorithm is not available. If the fix described below has been applied to IBM System SSL, the message can be turned off by setting the GSK_SSL_HW_DETECT_MESSAGE environment variable to 0:
http://www-1.ibm.com/support/docview.wss?uid=isg1OA25022
OA25022: SYSTEM SSL: SHA-512 CRYPTO ASSIST IS NOT AVAILABLE MESSAGE IS SEEN IN STRERR EVEN WITH GSK_SSL_HW_DETECT_MESSAGE=0.
APAR status
Closed as program error.
Error description
The message 'System SSL: SHA-512 crypto assist is not available'
is seen in stderr even if the Environment variable
GSK_SSL_HW_DETECT_MESSAGE is coded as a 0.
The problem is the { } brackets are missing in the following
If Statement, so the SHA-512 message will always be written.
if (detect_messages)
fprintf(stderr, "System SSL: SHA-384 crypto assist is not
available\n");
fprintf(stderr, "System SSL: SHA-512 crypto assist is not
available\n");
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: Users of System SSL that have applied new *
* function APAR OA22451. *
****************************************************************
* PROBLEM DESCRIPTION: SHA-512 hardware detection message *
* displays to user. *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
The message is output by new code introduced by the addition of
the new function - support for the SHA-512 digest algorithm.
During hardware detection the new code outputs a new message to
the stderr interface advising that "SHA-512 crypto assist is not
available" when SHA-512 support is not detected through CPACF.
The message is correct, but is output regardless of the
GSK_SSL_HW_DETECT_MESSAGE environment variable setting, which
the message reporting would normally depend on.
Problem conclusion
PROBLEM CONCLUSION: col 64->|
System SSL has been modified so that during hardware detection,
if SHA-512 support is not detected, then the message "SHA-512
crypto assist is not available" is only output to stderr if the
GSK_SSL_HW_DETECT_MESSAGE environment variable is set to do so.
-
*--------------------------------------------------------------*
* The following defect is included in this fix: *
* *
* 2296 HW Detection message always output - SHA-512 not *
* available *
*--------------------------------------------------------------*
Related Articles
Requests to Customer Support to Assist with Multi-tenant Installations in RSA Web Threat Detection Number of Views How to identify the deployed version of the HXTT Text JDBC Driver in RSA Identity Governance & Lifecycle Number of Views Database fails to start with ORA-03113: end-of-file on communication channel error in RSA Identity Governance & Lifecycle Number of Views Delete the Device History for a User Number of Views Which RSA Cloud Authentication Service tenant am I using? Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
