IC85733: (SFTP) PARTNER HAS INTERMITTENT PROBLEM CONNECTING VIA SFTP

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • We have a partner who is having intermittent trouble connecting
    to us because they are saying Secure Proxy is not returning the
    version
    message upon connecting.  Below is what they said.  We are on
    3.3.01 on Linux.
    
    Protocol Version Exchange
    
       When the connection has been established, both sides MUST
    send an
       identification string.  This identification string MUST be:
          SSH-protoversion-softwareversion SP comments CR LF
       Since the protocol being defined in this set of documents is
    version
       2.0, the 'protoversion' MUST be "2.0".
    
    For whatever reason, EFT does not receive a VERSION message
    from the SSHD server and it drops the connection.  If you look
    at the PCAP, you
    ll see an instance where the SSHD server does not send the SSH
    version string as the first bit of data upon connection.  The
    EFT sends its
    version string and then starts the KEXINIT (key exchange init).
    The SSHD server starts out with KEXINIT with no version string
    and as a
    result causes the connection to drop due to the version string
    being too long.
    

Local fix

  • New Fix Needed
    

Problem summary

  • SFTP Partner has intermittent problem connecting to SSP.
    When an SFTP client connects to the SSP SFTP adapter and already
    specifies an encryption method in its initial key exchange
    record,  SSP does not return the server identification string as
    its first message to the client. Instead SSP responds with its
    own SSH key exchange (KEXINIT), which is out of order.  The
    client software disconnects.
    

Problem conclusion

  • Updated the SSH toolkit, which contains the fix to ignore the
    encryption method if it appears in the first record at SFTP
    connection time.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC85733

  • Reported component name

    STR SECURE PROX

  • Reported component ID

    5725D0300

  • Reported release

    330

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-08-03

  • Closed date

    2012-10-30

  • Last modified date

    2012-10-30

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR SECURE PROX

  • Fixed component ID

    5725D0300

Applicable component levels

  • R331 PSY

       UP

  • R340 PSY

       UP

  • R341 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

Sterling Secure Proxy

Software version:

3.3

Reference #:

IC85733

Modified date:

2012-10-30

Translate my page

Machine Translation

Content navigation