A fix is available
APAR status
Closed as program error.
Error description
An FTP using the zOS FTP client to an ATTLS protected zOS FTP server can fail with error 534 TLS negotiation failed -- data connection closed. This occurs only when the client issues CCC after successfully logging into the server. verification steps: problem only occurs with ATTLS not native SSL FTP protection. A corresponding FTP server trace with debug sec acc enabled will show the following error which caused the 534 message to be issued: compareCertAttls: Data connection certificate does not match control connection certificate endSecureConn: entered Additional Symptom(s) Search Keyword(s): FTP 534 ATTLS
Local fix
code the following undocumented keyword in the FTP Server's FTP data file: tlscertcrosscheck = FALSE
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release 13 * * IP: FTP * **************************************************************** * PROBLEM DESCRIPTION: When FTP ATTLS is used and TLSRFCLEVEL * * is set to RFC4217, after CCC command, * * data connection fails with 534 error * * TLS negotiation failed -- data * * connection closed. * **************************************************************** * RECOMMENDATION: * **************************************************************** For ATTLS when data connection is established, FTP server needs to get control connection certificate and data connection certificate. After CCC command, control connection certificate will not be got any more, so data connection fails. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
FTP server has been corrected. * Cross Reference between External and Internal Names
Temporary fix
Comments
APAR Information
APAR number
PI15989
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1D0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-04-14
Closed date
2014-05-23
Last modified date
2014-08-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI18250 PI18664
Modules/Macros
EZAFTPFU EZAFTPRX
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1D0 PSY UI18250
UP14/07/08 P F407
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
04 August 2014