A fix is available
APAR status
Closed as program error.
Error description
AT-TLS is being used to secure a connection. The SSL handshake starts with the SSL client sending in the client hello. The next data from the SSL client includes a SSL application record and then a handshake record: 17030000 057C4040 FFEF1603 000084 . AT-TLS abends trying to decrypt the application data record because a control block needed for decryption is not available until after the handshake completes. . The SSL handshake should fail without an abend. VERIFICATION STEPS: 1) S0C4 abend in EZBTCRD attempting to store into the location pointed to by Reg 8 at offset 01515E. 2) Reg 8 will be zero. It was loaded from Reg 12(TCBTTLSX CB) + 108, which is also zero. 3) A packet trace will show an invalid sequence of data sent by the SSL client, similar to the data shown above.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release 12 IP: AT-TLS * **************************************************************** * PROBLEM DESCRIPTION: Abend in EZBTCRD when AT-TLS receives * * SSL application data during SSL * * handshake * **************************************************************** * RECOMMENDATION: * **************************************************************** The remote client initiated a SSL handshake with an local application using AT-TLS. During the SSL handshake, an SSL application data record is sent along with SSL handshake records. AT-TLS tries to decrypt the SSL application data but abends because the TLSX_Dec_Parms@ area is not allocated yet. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
Module EZBTLCWK has been changed to allocate the TLSX_Dec_Parm@ when the SSL handshake starts. * Cross Reference between External and Internal Names
Temporary fix
Comments
APAR Information
APAR number
PM36149
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1C0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2011-04-01
Closed date
2011-04-12
Last modified date
2011-06-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK66702 PM38843
Modules/Macros
EZBTLCWK
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1C0 PSY UK66702
UP11/05/21 P F105
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 June 2011