IBM Support

OA37102: CONDITIONING APAR FOR APAR OA39422

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as new function.

Error description

  • Conditioning APAR for APAR OA39422
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users with a mixture of z/OS V1R13 and       *
    *                 earlier releases of System SSL exploiting    *
    *                 System SSL sysplex session cache support.    *
    ****************************************************************
    * PROBLEM DESCRIPTION: When sysplex session id caching is      *
    *                      enabled, an attempt by an SSL server to *
    *                      use session resumption may fail due to  *
    *                      an unsupported SSL/TLS protocol         *
    *                      version. The SSL/TLS protocol that was  *
    *                      used prior and stored in the sysplex    *
    *                      session id cache is not supported by    *
    *                      the current session being established.  *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    Server applications enabled for sysplex session id caching will
    only be able to reuse a session id cache entry if the protocol
    used by the cached session is supported by the session being
    established.  If the protocol is not supported, a full
    handshake will occur.
    
    The sysplex session cache is enabled for an application server
    if the environment variable GSK_SYSPLEX_SIDCACHE is defined or
    the application invokes the gsk_attribute_set_enum() routine to
    set the GSK_SYSPLEX_SIDCACHE attribute.
    

Problem conclusion

  • KEYWORDS: R13COEXS/K ZOS0201C/K ZOS0202C/K
    

Temporary fix

Comments

  • System SSL has been modified to ensure that the SSL/TLS protocol
    used by the cached session entry is support by the server
    session being established.  If a session cache entry cannot
    be used by the new session, a full SSL or TLS handshake will be
    attempted in preference to terminating the connection.
    
    This fix is delivered in internal feature 4063.
    

APAR Information

  • APAR number

    OA37102

  • Reported component name

    SYSTEM SSL

  • Reported component ID

    565506805

  • Reported release

    3A0

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / Xsystem

  • Submitted date

    2011-07-20

  • Closed date

    2012-10-02

  • Last modified date

    2016-12-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA66807 UA66806

Modules/Macros

  • GSKCMS31 GSKCMS64 GSKS31   GSKS31F  GSKS64
    GSKS64F
    

Fix information

  • Fixed component name

    SYSTEM SSL

  • Fixed component ID

    565506805

Applicable component levels

  • R3B0 PSY UA66804

       UP12/10/09 P F301

  • R3B1 PSY UA66805

       UP12/10/09 P F301

  • R3C0 PSY UA66806

       UP12/10/10 P F210

  • R3C1 PSY UA66807

       UP12/10/10 P F210

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: z/OS family

Software version: 3A0

Operating system(s): MVS, z/OS

Reference #: OA37102

Modified date: 08 December 2016