DFHSO0123 date time applid Return code rc received from function {unknown | gsk_environment_init | gsk_environment_open | gsk_environment_close | gsk_secure_socket_init | gsk_secure_socket_open | gsk_secure_socket_close | gsk_secure_socket_read | gsk_secure_socket_write | gsk_attribute_set_buffer | gsk_attribute_set_callback | gsk_attribute_set_enum | gsk_attribute_set_numeric_value} of System SSL. Reason: {Unrecognized return code | Key database not found | Key database access not authorized | Invalid password for key database | Expired password for key database | Stashed password file not found | Session timeout value is invalid | An I/O error occurred | An unknown error occurred | Invalid distinguished name | No common ciphers negotiated | No certificate available | Certificate validation failed | Root certificate authority not supported | Unsupported operation | Invalid certificate signature | SSL protocol violation | Not authorized | Self-signed certificate | Invalid session state | Handle creation failed | No private key | Untrusted Certificate Authority | Certificate date invalid | Invalid cipher suite | Handshake abandoned by peer | Cannot open key database | Host certificate not yet valid | Certificate parsing error | Certificate is revoked | LDAP server is inactive | Unknown Certificate Authority | Internal error on partner | Unknown alert received | Client authentication alert | Incorrect key usage | Server name not recognized | Bad message length | Cryptographic error detected | Export restriction | TLS extension mismatch | No Negotiation | GSKCMS Error | Signature algorithm not in signature algorithm pairs list}. Peer: peeraddr, TCPIPSERVICE: tcpipservice.

Explanation

A non-zero return code rc was received from the specified function of the z/OS System SSL service. A brief interpretation of the return code is shown. The service was processing a connection with a partner at IP address peeraddr to TCPIPSERVICE tcpipservice. When the error reason is certificate related the CERTIFICATE named on the TCPIPSERVICE resource is checked.

System action

The secure sockets operation is abandoned. A sockets domain severe error message, DFHSO0002, may be produced with error code X'080C'.

User response

If this message is not accompanied by message DFHSO0002, the error is probably due to some unexpected action by the connected partner, and this message is for information only. If this message is accompanied by message DFHSO0002, the error is probably due to some sort of configuration error. If the message shows Peer: 0.0.0.0, TCPIPSERVICE: *NONE* the error is probably due to a PERFORM SSL REBUILD failure. A PERFORM SSL REBUILD failure should preserve the old SSL environment. Use the description in the message to determine what is wrong. For descriptions of the return code rc (which is in decimal and may need converting to hex), see z/OS Cryptographic Services: System SSL Programming, SC24-5901. For further guidance see the Connecting CICS to other systems.

If the brief interpretation of the return code is Certificate date invalid the certificate may either have expired or be not yet valid, and may refer to either the local certificate or the remote partner's certificate.

If the brief interpretation of the return code is No certificate available the certificate may have been recently added to the keyring. Issue a PERFORM SSL REBUILD to refresh the SSL environment.

If the brief interpretation of the return code is Certificate validation failed then either the server or client certificate (if client certificates are being used) is invalid.

Module

DFHSOSE

XMEOUT parameters/Message inserts

  1. date
  2. time
  3. applid
  4. rc
  5. Value chosen from the following options:
  6. Value chosen from the following options:
  7. peeraddr
  8. tcpipservice

Destination

CSOO