Attempting to initiate a Secure+ session to a node fails as with CSPA202E and CSPA003E. In RPLERRCK messages indicate DATA BUFFER TOO LARGE.
Messages below are output to JESMSGLG:
CSPA202E SSL handshake failure, reason=GSK_ERR_SOCKET_CLOSED
CSPA003E Security Violation - SNODE authentication error
SVTM105I PNAME=PROCESS , PNUM= 42,379, MOVED TO Q=HOLD , QSTATUS=HE
Messages below are output to RPLERRCK:
P0012 17:56:38.84 TAPNODE: PNODE.NAME TASNODE: SNODE.NAME TASLU: 1364
P0012 17:56:38.84 TAPROCNO: 0 SOCKET: 00000001
P0012 17:56:38.84 -- SDIP_RECEIVE: DATA BUFFER TOO LARGE
P0012 17:56:38.84 -- SDIP_RECEIVE: RECEIVED SIZE = 000020A4
P0012 17:56:38.84 -- SDIP_RECEIVE: ALLOCATED SIZE = 00002000
The X.509 certificate returned from the SNODE had increased in size and over ran the allotted buffer size.
Resolving the problem
This issue was circumvented by changing the initialization parameter V2.BUFSIZE from the default value of 4K to 16K.
The issue is resolved by applying a fix:
Connect:Direct for z/OS 4.7 apply fix R047003
Connect:Direct for z/OS 4.8 apply fix R017903
Connect:Direct for z/OS 5.0 apply fix R017928
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.