A fix is available
APAR status
Closed as new function.
Error description
Conditioning APAR for APAR OA39422
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users with a mixture of z/OS V1R13 and * * earlier releases of System SSL exploiting * * System SSL sysplex session cache support. * **************************************************************** * PROBLEM DESCRIPTION: When sysplex session id caching is * * enabled, an attempt by an SSL server to * * use session resumption may fail due to * * an unsupported SSL/TLS protocol * * version. The SSL/TLS protocol that was * * used prior and stored in the sysplex * * session id cache is not supported by * * the current session being established. * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** Server applications enabled for sysplex session id caching will only be able to reuse a session id cache entry if the protocol used by the cached session is supported by the session being established. If the protocol is not supported, a full handshake will occur. The sysplex session cache is enabled for an application server if the environment variable GSK_SYSPLEX_SIDCACHE is defined or the application invokes the gsk_attribute_set_enum() routine to set the GSK_SYSPLEX_SIDCACHE attribute.
Problem conclusion
KEYWORDS: R13COEXS/K ZOS0201C/K ZOS0202C/K
Temporary fix
Comments
System SSL has been modified to ensure that the SSL/TLS protocol used by the cached session entry is support by the server session being established. If a session cache entry cannot be used by the new session, a full SSL or TLS handshake will be attempted in preference to terminating the connection. This fix is delivered in internal feature 4063.
APAR Information
APAR number
OA37102
Reported component name
SYSTEM SSL
Reported component ID
565506805
Reported release
3A0
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / Xsystem
Submitted date
2011-07-20
Closed date
2012-10-02
Last modified date
2016-12-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA66807 UA66806
Modules/Macros
GSKCMS31 GSKCMS64 GSKS31 GSKS31F GSKS64 GSKS64F
Fix information
Fixed component name
SYSTEM SSL
Fixed component ID
565506805
Applicable component levels
R3B0 PSY UA66804
UP12/10/09 P F301
R3B1 PSY UA66805
UP12/10/09 P F301
R3C0 PSY UA66806
UP12/10/10 P F210
R3C1 PSY UA66807
UP12/10/10 P F210
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3A0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3A0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
08 December 2016