A fix is available
APAR status
Closed as program error.
Error description
When establishing Secure Sockets Layer (SSL) connection between Tivoli Storage manager and client with "SSLFIPSMODE YES", dsmerror.log reports following errors. ANS1579E GSKit function gsk_secure_soc_init failed with 415: GSK_ERROR_BAD_PEER ANS9020E Could not establish a session with a TSM server or client agent. The TSM return code is -362. ANS1592E Failed to initialize SSL protocol. Unable to establish session with server. Following errors are generated on the server: ANR8583E An SSL socket initialization error occurred on session 1. The GSKit return code is 420. ANR8581E An SSL read error occurred on session 1. The GSKit return code is 406. There is a server APAR IC92000 for the same issue. Versions affected: Tivoli Storage Manager server 6.3.3 and above on all platforms. Additional Keywords SSL gskit api call Additional L2 info: Client service trace: : commtcp.cpp (1623): TcpOpen: Trying to connect to server at: : commtcp.cpp (1624): Domain Name: x.x.x.x : commtcp.cpp (1626): Port #: xxxx : commtcp.cpp (1651): TcpOpen: using blocking sockets : pscomtcp.cpp (1178): Attempt connection results, rc = 0. : pscomtcp.cpp (1194): psTcpConnect(): Attempt socket 1260 (IPv4) connection -> rc=0, errno=22013-01-07 12:10:14.604 : commtcp.cpp (1789): TcpOpen(): Looks like an SSL session. Initializing SSL socket... : gskit.cpp ( 259): GSKit::GSKit(): Entering : psskit.cpp ( 236): GSKit::psLoadFunctions(): Loading functions from path 'C:\Program Files\ibm\gsk8\lib64'... : psskit.cpp ( 284): GSKit::psLoadFunctions(): All functions have been successfully loaded : gskit.cpp ( 989): key database name is 'C:\Program Files\Tivoli\TSM\baclient\dsmcert.kdb' : gskit.cpp ( 371): GSKit::GSKit(): FIPS mode is ON : gskit.cpp ( 413): GSKit::GSKit(): setting TLS12 cipher specs 'TLS_RSA_WITH_AES_256_CBC_SHA' : gskit.cpp ( 500): GSKit::GSKit(): GSKit version: 8.0.14.14 : gskit.cpp (1042): setError(): gsk_secure_soc_init returned 415: 'GSK_ERROR_BAD_PEER' Initial Impact: Medium
Local fix
Set "SSLFIPSMODE NO" in dsmserv.opt, and restart the server.
Problem summary
**************************************************************** * USERS AFFECTED: Backup-archive client versions 6.3 and * * 6.4 running on all supported platforms. * **************************************************************** * PROBLEM DESCRIPTION: See ERROR DESCRIPTION * **************************************************************** * RECOMMENDATION: Apply fixing level when available. This * * problem is currently projected to be fixed * * in levels 6.3.2 and 6.4.1. Note that until * * the fixing levels are available, this * * information is subject to change at the * * discretion of IBM. * **************************************************************** *
Problem conclusion
The problem has been fixed so that it no longer occurs.
Temporary fix
Comments
APAR Information
APAR number
IC92002
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
63A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-04-30
Closed date
2013-06-10
Last modified date
2013-06-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
DSMC
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
R63A PSY
UP
R63H PSY
UP
R63L PSY
UP
R63M PSY
UP
R63S PSY
UP
R63W PSY
UP
R64A PSY
UP
R64H PSY
UP
R64L PSY
UP
R64M PSY
UP
R64S PSY
UP
R64W PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"63A","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
10 June 2013