A fix is available
APAR status
Closed as program error.
Error description
AT-TLS has been enabled in TCP/IP, and a TTLSRule in the policies references an IpAddrGroup that lists multiple IP addresses. If this group accidentally lists the same address twice, the rule will match all connections involving an address in the range from the lowest to the highest address in the group. As a result, affected connections that were intended to be clear-text will likely fail. Other symptoms: TTLS logging will likely generate EZD1286I messages with RC: 5003 Data Decryption for the affected sessions.
Local fix
Identify and remove the duplicate address from the referenced IpAddrGroup.
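One way to carry out this check across a whole policy file is sketched below. It is an added example, not IBM code. It assumes addresses are coded inline as `IpAddr { Addr ... }` blocks inside each IpAddrGroup and that `#` starts a comment. The sample policy and its group names are constructed, and differently written forms of the same address are treated as duplicates.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample policy fragment (not taken from the APAR); names are hypothetical.
SAMPLE_POLICY = """\
IpAddrGroup ClearTextPeers
{
  IpAddr { Addr 10.1.1.5 }
  IpAddr { Addr 10.1.9.40 }
  IpAddr { Addr 10.1.1.5 }      # accidental repeat
}
IpAddrGroup SecurePeers
{
  IpAddr { Addr 2001:db8::10 }
  IpAddr { Addr 2001:DB8:0:0:0:0:0:10 }   # same host, different spelling
}
IpAddrGroup Clean
{
  IpAddr { Addr 192.0.2.1 }
  IpAddr { Addr 192.0.2.2 }
}
"""

GROUP_RE = re.compile(r"\bIpAddrGroup\s+(\S+)\s*\{", re.IGNORECASE)
ADDR_RE = re.compile(r"\bAddr\s+([^\s{}]+)", re.IGNORECASE)

def _block_end(text, open_idx):
    """Return the index of the '}' that closes the '{' at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return i
    raise ValueError("unbalanced braces in policy file")

def _canon(addr):
    """Normalize an address so equivalent spellings compare equal."""
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return addr.lower()  # not a plain address; compare as written

def find_duplicate_addrs(policy_text):
    """Map each IpAddrGroup name to the addresses it lists more than once."""
    text = re.sub(r"#.*", "", policy_text)  # drop comments
    findings = {}
    for m in GROUP_RE.finditer(text):
        body = text[m.end() - 1:_block_end(text, m.end() - 1)]
        counts = Counter(_canon(a) for a in ADDR_RE.findall(body))
        dups = sorted(a for a, n in counts.items() if n > 1)
        if dups:
            findings[m.group(1)] = dups
    return findings
```

Any group reported by `find_duplicate_addrs` should have the repeated entry removed before the policy is reloaded.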
Problem summary
USERS AFFECTED: All users of the IBM Communications Server for z/OS Version 1 Release(s) 10 and 11 IP: Policy Agent (pagent)

PROBLEM DESCRIPTION: Problem with address range value when IP address values are repeated within an IP address range grouping.

RECOMMENDATION:

In the pagent configuration file, when there are rules with IP address values that are repeated within an IP address range grouping, the address range type was being incorrectly set to zero. The address range type of zero causes the AT-TLS policy search logic in the TCP/IP stack to assume no IP addresses were specified, so AT-TLS was enabled for all IP addresses instead. A similar parsing problem can occur in routing rules as well.

Please check our Communications Server for OS/390 homepages for common networking tips and fixes. The URL for these homepages can be found in Informational APAR II11334.
Problem conclusion
The policy agent (pagent) code has been modified to set the IP address range value correctly.

Cross Reference between External and Internal Names:
EZAPATRT (PINITRTE)
EZAPATTL (PINITTLS)
Temporary fix
Comments
APAR Information
APAR number
PM00354
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1A0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2009-11-03
Closed date
2009-11-20
Last modified date
2010-01-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK52172 UK52173
Modules/Macros
EZAPATRT EZAPATTL
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
Fix is available
Document Information
Modified date:
05 January 2010