Fixes are available
APAR status
Closed as program error.
Error description
PCOM 6.0.4 is configured for Auto-Reconnect using a Secure session. When the Server is recycled, the PCOM clients flood the network with connection requests. The PCOM trace shows: skREAD called, >>> ERROR CONDITION, NON SSL PORT <<< expected to read 5 bytes,but read = -1, number of bytes to read = 5 This happens during the Client Hello exchange with the host. After 3 seconds, PCOM drops the connection and tries again.
Local fix
Uncheck Auto-Reconnect in the PCOM session profile.
Problem summary
**************************************************************** * USERS AFFECTED: * * Users of IBM Personal Communications secure sessions with * * Auto-Reconnect enabled. * **************************************************************** * PROBLEM DESCRIPTION: * * User configures IBM Personal Communications session with * * security and Auto-Reconnect. When a session fails to connect * * in 3 seconds or less, the Auto-Reconnect function may flood * * the host Server with connection requests. * **************************************************************** * RECOMMENDATION: * **************************************************************** User configures IBM Personal Communications session with secure connection along with Auto-Reconnect enabled. When a session could not establish a connection within the default SSL handshake period of 3 seconds, the session would disconnect and auto-reconnect would be attempted. This repeated reconnect attempt on an already overloaded host may result in denial of service attack.
Problem conclusion
On a busy host, the SSL handshake timeout period of 3 seconds may not be sufficient. In order to accommodate such cases IBM Personal Communications code was modified to make the SSL handshake timeout period configurable. The new keyword can be configured in a .WS file as below: [Session] SSLHandshakeTimeout = 15 - where "SSLHandshakeTimeout" is the keyword unit in seconds. Default value is 3 seconds. Fix scheduled for IBM Personal Communications 6.0.19 and 12.0.2.0 Refresh Packs.
Temporary fix
Comments
APAR Information
APAR number
IT17700
Reported component name
PCOMM COMBO-ENC
Reported component ID
5639I7000
Reported release
604
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-10-27
Closed date
2016-12-14
Last modified date
2016-12-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
PCSTLNET
Fix information
Fixed component name
PCOMM COMBO-ENC
Fixed component ID
5639I7000
Applicable component levels
R60G PSY
UP
RC00 PSY
UP
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSEQ5Y","label":"Personal Communications"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"604","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
14 December 2016