A fix is available
APAR status
Closed as new function.
Error description
DB2DDF defect pm53450 dpm53450
DB2 support for DRDA client certificate authentication security mechanism.

Additional symptoms and keywords:
Transport Layer Security TLS Client Certificate Authentication Security TLSCCASEC Secure Socket Layer SSL client mutual authentication digital certificate handshakerole serverwithclientauth clientauthtype safcheck
Local fix
Problem summary
USERS AFFECTED: All Distributed Data Facility (DDF) users. Specifically where a DB2 10 for z/OS server is accessed by remote clients using SSL client (mutual) authentication.

PROBLEM DESCRIPTION: Additional enhancements to DB2 10 for z/OS digital certificate authentication support.

RECOMMENDATION:

DB2 10 for z/OS APAR/PTF PM37057/UK73180 provided additional enhancements to support remote clients accessing DB2 using digital certificates. For a remote client to use this kind of digital certificate authentication, the remote client system must present at least its user ID in order to access DB2. However, some client drivers (such as IBM Data Server Driver for ODBC and CLI) cannot support a security mechanism that sends a user ID only. Therefore, the IBM Data Server Driver clients will implement a new DRDA security mechanism that allows the remote client system to access DB2 using the SSL mutual authentication security protocol without the presence of a user ID and/or password. This APAR provides the DB2 support needed for this new digital certificate authentication method.
Problem conclusion
Temporary fix
Comments
DB2 10 for z/OS remote connection authentication processing has been enhanced to support the DRDA TLS Client Certificate Authentication Security (TLSCCASEC) mechanism for those remote client drivers that support it.
APAR Information
APAR number
PM53450
Reported component name
DB2 OS/390 & Z/
Reported component ID
5740XYR00
Reported release
A10
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-12-02
Closed date
2012-04-06
Last modified date
2012-06-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK77746
Modules/Macros
DSNLTSEC DSNLZSAS DSNLZSPA DSNLZSR2
Fix information
Fixed component name
DB2 OS/390 & Z/
Fixed component ID
5740XYR00
Applicable component levels
RA10 PSY UK77746
UP12/05/11 P F205
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
03 June 2012