Direct links to fixes
APAR status
Closed as program error.
Error description
We have a partner who is having intermittent trouble connecting to us because they are saying Secure Proxy is not returning the version message upon connecting. Below is what they said. We are on 3.3.01 on Linux. Protocol Version Exchange When the connection has been established, both sides MUST send an identification string. This identification string MUST be: SSH-protoversion-softwareversion SP comments CR LF Since the protocol being defined in this set of documents is version 2.0, the 'protoversion' MUST be "2.0". For whatever reason, EFT does not receive a VERSION message from the SSHD server and it drops the connection. If you look at the PCAP, you ll see an instance where the SSHD server does not send the SSH version string as the first bit of data upon connection. The EFT sends its version string and then starts the KEXINIT (key exchange init). The SSHD server starts out with KEXINIT with no version string and as a result causes the connection to drop due to the version string being too long.
Local fix
New Fix Needed
Problem summary
SFTP Partner has intermittent problem connecting to SSP. When an SFTP client connects to the SSP SFTP adapter and already specifies an encryption method in its initial key exchange record, SSP does not return the server identification string as its first message to the client. Instead SSP responds with its own SSH key exchange (KEXINIT), which is out of order. The client software disconnects.
Problem conclusion
Updated the SSH toolkit, which contains the fix to ignore the encryption method if it appears in the first record at SFTP connection time.
Temporary fix
Comments
APAR Information
APAR number
IC85733
Reported component name
STR SECURE PROX
Reported component ID
5725D0300
Reported release
330
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2012-08-03
Closed date
2012-10-30
Last modified date
2012-10-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR SECURE PROX
Fixed component ID
5725D0300
Applicable component levels
R331 PSY
UP
R340 PSY
UP
R341 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6PNW","label":"IBM Sterling Secure Proxy"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.3","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Document Information
Modified date:
30 October 2012