KB Article #180945
[HANDSHAKE_FAILURE] CR=51 (Decrypt error: tlsv1 alert decrypt
Problem
PKITYPE=SYSTEM
New certificate inserted into the RACF RING
Error:
CFTY13E CTX=251551 SSL Handshake local error ÝHANDSHAKE_FAILURE~ CR=51 (Decrypt error: block type is not 01)
CFTY30E CTX=231552 SSL Handshake remote error ÝHANDSHAKE_FAILURE~ CR=51 (Decrypt error: tlsv1 alert decrypt
Resolution
Usually, this error is related to an issue with the certificate itself. Check in particular the signature.
Files needed to troubleshoot such an issue:
Ensure the certificate is inserted with the PCICC attribute (if that is not already the case)
Enable the CFTSSL trace (trace=255)
Enable the traces using the environment variables below:
- to be set in UPARM(CNFENV)
- SSLW_TRACE_LEVEL=5
- XTRACE_CFT_TSSL_LEVEL=5
Do a transfer of a small file and then collect the files below:
- CFTEXT
- CFT LOG
- SGTRACE (the full CFT sysout will do)
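
For background on the "block type is not 01" text in the CFTY13E message above, the following added example (not from this KB article or from the product) shows how an RSA signature check produces that kind of failure. It assumes the message refers to the PKCS#1 v1.5 signature block (00 01 FF..FF 00 DigestInfo); the key, data and function names are constructed for illustration, using textbook RSA on a demonstration key.

```python
import hashlib

# SHA-256 DigestInfo prefix from RFC 8017 section 9.2 (EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
E = 65537
# Constructed key from two Mersenne primes: demonstration only, never a real key.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def encode(data):
    """Signature block: 00 01 FF..FF 00 DigestInfo, K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(data):
    """Textbook RSA private-key operation on the encoded block."""
    return pow(int.from_bytes(encode(data), "big"), D, N).to_bytes(K, "big")

def verify(data, signature):
    """Return 'ok' or the reason the public-key check failed."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return "signature out of range"
    block = pow(s, E, N).to_bytes(K, "big")
    if block[:2] != b"\x00\x01":
        return "block type is not 01"  # value was not produced by this key pair
    if block != encode(data):
        return "bad signature"         # well-formed block, but other data was signed
    return "ok"

def demo():
    data = b"constructed to-be-signed bytes"
    sig = sign(data)
    damaged = sig[:-1] + bytes([sig[-1] ^ 0x01])  # one flipped bit
    return {
        "intact": verify(data, sig),
        "data altered after signing": verify(data + b"!", sig),
        "signature value damaged": verify(data, damaged),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model, a block-type failure means the signature value and the public key do not belong together (damaged signature or mismatched key), whereas altered signed data fails later with a different reason.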