A fix is available
APAR status
Closed as program error.
Error description
AT-TLS handshake errors can cause TCPIP private storage use for subpool 249 key 6 to increase. The storage contains TSSL control blocks obtained by EZBTLSTO.
Local fix
KEYWORDS: SP249 K6 SUBPOOL249 KEY6 TSSL certificate TTLS ATTLS AT TLS POOL PRIVATE LOCAL STORAGE STG . VERIFICATION STEPS: - TCPIP private storage use is increasing for SP249 K6 - Increase can be noted in the D TCPIP,,STOR output for POOL storage. - AT-TLS is being used - SYSLOGD or SYSLOG may show client certificate errors. For example: EZD1287I TTLS Error RC: 5002 Initial Handshake 218 LOCAL: 10.123.123.123..3022 REMOTE: 10.456.456.456..1555 JOBNAME: CICSTEST RULE: CicsAtm2Cbiq 8 USERID: CICSTEST GRPID: 00000001 ENVID: 00000009 . The rc 5002 indicates that there is no userid from the certificate. . BPXF024I (BPXOINIT) Apr 8 16:29:37 CCCC TTLS 262 : 12:29:37 EZD1286I TTLS Error GRPID: 00000001 ENVID: 00000009 CONNID: 00023022 LOCAL: 10.123.123.123..3022 REMOTE: 10.456.456.456..1555 JOBNAME: CICSTEST USERID: CICSTEST RULE: CicsAtm2Cbiq 8 RC: 5002 Initial
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release(s) 10, 11, 12, * * and 13 IP: AT-TLS * **************************************************************** * PROBLEM DESCRIPTION: TCPIP private storage growth in * * subpool 249 key 6 following * * AT-TLS failure with RC 5002: * * No userid from the certificate * **************************************************************** * RECOMMENDATION: * **************************************************************** Private storage growth in TCPIP subpool 249 key 6 was detected following repeated occurrences of an AT-TLS connection failure with return code 5002: No userid from the certificate Eventually the following message was issued: EZZ4364I jobname POOL CONSTRAINED Repeated TCPIP pool storage displays also revealed an increase in private storage: D TCPIP,,STOR EZZ8453I TCPIP STORAGE 917 EZZ8454I TCPIP STORAGE CURRENT MAXIMUM LIMIT EZZ8455I TCPIP ECSA 5M 6M 40M EZZ8455I TCPIP POOL 12M 13M 60M EZZ8455I TCPIP 64-BIT COMMON 1M 1M NOLIMIT EZZ8455I TCPIP ECSA MODULES 7454K 7454K NOLIMIT EZZ8459I DISPLAY TCPIP STOR COMPLETED SUCCESSFULLY Dump analysis revealed many control blocks with a TSSL eyecatcher. The control blocks were allocated by EZBTLSTO called by SSL. The TSSL control blocks should have been freed during connection close processing for the 5002 return code. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
Module EZBTLCWK has been amended to store the SSL socket handle into the TLSX extension of the TCB earlier in the connection initialization process. If a 5002 error occurs, then the socket handle will be available for storage cleanup processing. * Cross Reference between External and Internal Names
Temporary fix
********* * HIPER * *********
Comments
APAR Information
APAR number
PM36877
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1C0
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2011-04-12
Closed date
2011-05-09
Last modified date
2011-07-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK67547 UK67548 UK67549 UK67550
Modules/Macros
EZBTLCWK
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1A0 PSY UK67547
UP11/06/08 P F106
R1B0 PSY UK67548
UP11/06/08 P F106
R1C0 PSY UK67549
UP11/06/08 P F106
R1D0 PSY UK67550
UP11/06/08 P F106
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
05 July 2011