Application server as receiver has encryption, Application server as self-client does not

When the application server configured as the receiver has encryption configured but the application server configured as self-client does not, an error condition will occur.

The Application server STDOUT will display the following text (this is an example):

App server STDOUT:
[2019-02-11 07:40:03.567 _unp.utils ] - Callservice: Service call failed. 
{ Error: read ECONNRESET                                                  
    at exports._errnoException (util.js:1020:11)                          
    at TCP.onread (net.js:580:26) code: 'ECONNRESET', errno: 'ECONNRESET', syscall: 'read' }

The Application server log will record the error, if tracing is enabled. The following is an example entry:

(KS3_APPSRV_AS_SELF_CLIENT -; KS3_APPSRV_AS_SRV +;)
EZD1286I TTLS Error GRPID: 00000017 ENVID: 00000000 CONNID: 000B892D LOCAL: 192.168.55.23..48953 
REMOTE: 192.168.55.23..8282 JOBNAME: S3APP12R USERID: S3STC RULE: KS3_APPSRV_AS_SRV  
RC: 5003 Data Decryption
RC = 5003

This means that the remote partner receives clear text instead of secure data. The connection is terminated.

User response

Check the following items:

Ensure that the remote client is enabled for secure connections.
If the policy is defined with ApplicationControlled On, ensure that the application read all the cleartext data before it started the secure handshake. If you are configuring by using the IBM Configuration Assistant for z/OS Communications Server, the ApplicationControlled setting is done in each Traffic Descriptor.