IBM Support

PM36877: TCPIP SUBPOOL 249 KEY 6 STORAGE GROWTH USING AT-TLS

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • AT-TLS handshake errors can cause TCPIP private storage use for
subpool 249 key 6 to increase.  The storage contains TSSL
control blocks obtained by EZBTLSTO.

Local fix

  • KEYWORDS: SP249 K6 SUBPOOL249 KEY6 TSSL certificate  TTLS
ATTLS AT TLS POOL PRIVATE LOCAL STORAGE STG
.
VERIFICATION STEPS:
- TCPIP private storage use is increasing for SP249 K6
- Increase can be noted in the D TCPIP,,STOR output for POOL
  storage.
- AT-TLS is being used
- SYSLOGD or SYSLOG may show client certificate errors.  For
  example:
  EZD1287I TTLS Error RC: 5002 Initial Handshake 218
    LOCAL: 10.123.123.123..3022
    REMOTE: 10.456.456.456..1555
  JOBNAME: CICSTEST RULE: CicsAtm2Cbiq 8
  USERID: CICSTEST GRPID: 00000001 ENVID: 00000009
.
  The rc 5002 indicates that there is no userid from the
  certificate.
.

 BPXF024I (BPXOINIT) Apr  8 16:29:37 CCCC TTLS 262 : 12:29:37

 EZD1286I TTLS Error GRPID: 00000001 ENVID: 00000009 CONNID:
          00023022
 LOCAL: 10.123.123.123..3022 REMOTE: 10.456.456.456..1555
 JOBNAME: CICSTEST USERID: CICSTEST
 RULE: CicsAtm2Cbiq 8  RC: 5002 Initial

Problem summary

  • ****************************************************************
* USERS AFFECTED: All users of the IBM Communications Server   *
*                 for z/OS Version 1 Release(s)  10, 11, 12,   *
*                 and 13 IP: AT-TLS                            *
****************************************************************
* PROBLEM DESCRIPTION: TCPIP private storage growth in         *
*                      subpool 249 key 6 following             *
*                      AT-TLS failure with RC 5002:            *
*                      No userid from the certificate          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Private storage growth in TCPIP subpool 249 key 6 was
detected following repeated occurrences of an AT-TLS
connection failure with return code 5002:

No userid from the certificate

Eventually the following message was issued:

EZZ4364I jobname POOL CONSTRAINED

Repeated TCPIP pool storage displays also revealed
an increase in private storage:

D TCPIP,,STOR

EZZ8453I TCPIP STORAGE 917
EZZ8454I TCPIP    STORAGE         CURRENT   MAXIMUM     LIMIT
EZZ8455I TCPIP    ECSA                 5M        6M       40M
EZZ8455I TCPIP    POOL                12M       13M       60M
EZZ8455I TCPIP    64-BIT COMMON        1M        1M   NOLIMIT
EZZ8455I TCPIP    ECSA MODULES      7454K     7454K   NOLIMIT
EZZ8459I DISPLAY TCPIP STOR COMPLETED SUCCESSFULLY

Dump analysis revealed many control blocks with a TSSL
eyecatcher.  The control blocks were allocated by EZBTLSTO
called by SSL.

The TSSL control blocks should have been freed during connection
close processing for the 5002 return code.
+-------------------------------------------------------------+
+ Please check our Communications Server for OS/390 homepages +
+ for common networking tips and fixes.  The URL for these    +
+ homepages can be found in Informational APAR II11334.       +
+-------------------------------------------------------------+

Problem conclusion

  • Module EZBTLCWK has been amended to store the SSL
socket handle into the TLSX extension of the TCB
earlier in the connection initialization process.
If a 5002 error occurs, then the socket handle
will be available for storage cleanup processing.

* Cross Reference between External and Internal Names

Temporary fix

  • *********
* HIPER *
*********

Comments

  • 



APAR Information




    

  • APAR number
    PM36877
    • 

  • Reported component name
    TCP/IP V3 MVS
    • 

  • Reported component ID
    5655HAL00
    • 

  • Reported release
    1C0
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    YesHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2011-04-12
    • 

  • Closed date
    2011-05-09
    • 

  • Last modified date
    2011-07-05
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UK67547 UK67548 UK67549 UK67550
    

    • 



Modules/Macros


    

  • EZBTLCWK

    



Fix information


    

  • Fixed component name
    TCP/IP V3 MVS
    • 

  • Fixed component ID
    5655HAL00
    • 



Applicable component levels


    

  • R1A0  PSY  UK67547
       UP11/06/08  P  F106  Ž
    • 

  • R1B0  PSY  UK67548
       UP11/06/08  P  F106  Ž
    • 

  • R1C0  PSY  UK67549
       UP11/06/08  P  F106  Ž
    • 

  • R1D0  PSY  UK67550
       UP11/06/08  P  F106  Ž
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            05 July 2011
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback