OA63252: NEW FUNCTION - Add System SSL TLS V1.3 sysplex ticket caching support

Obtain the fix for this APAR.

APAR status

• Closed as new function.

Error description

• NEW FUNCTION - Add System SSL TLS V1.3 sysplex ticket caching
  support
  
  Support added for F GSKSRVR,RESET STATS,TICKETCACHE
  keywords: F GSKSRVR RESET STATS TICKETCACHE
  

Local fix

• MUST FIX
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: System SSL server applications running on    *
  *                 z/OS V2.5 performing TLS V1.3 handshakes.    *
  ****************************************************************
  * PROBLEM DESCRIPTION: System SSL enhancements to allow for    *
  *                      caching TLS V1.3 sessions within the    *
  *                      System SSL started task, GSKSRVR.       *
  ****************************************************************
  * RECOMMENDATION: APPLY PTF                                    *
  ****************************************************************
  System SSL has been enhanced to allow for caching TLS V1.3
  sessions within the System SSL started task, GSKSRVR. This
  allows for TLS V1.3 sessions established on one server
  application to be resumed by another like-server application
  running on the same or a different system within a sysplex.
  
  The GSKSRVR has been enhanced to provide statistics for the
  existing session ID and the newly added session ticket cache.
  The session ticket cache is used by the GSKSRVR to store TLS
  V1.3 sessions. The caching statistics monitored by the GSKSRVR
  can be displayed with newly added operator modify commands.
  
  Client applications can now configure the maximum number of TLS
  V1.3 session tickets allowed to be stored per unique session
  with the GSK_SESSION_TICKET_CLIENT_MAXCACHED attribute.
  

Problem conclusion

Temporary fix

Comments

• System SSL has been enhanced to allow for caching TLS V1.3
  sessions within the System SSL started task, GSKSRVR. This
  allows for TLS V1.3 sessions established on one server
  application to be resumed by another like-server application
  running on the same or a different system within a sysplex.
  
  The enhancements included in this APAR will be documented in the
  z/OS 2.5 release of the z/OS Cryptographic Services System
  Secure Sockets Layer Programming publication (SC14-7495).
  

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UJ92916 UJ92917 UJ92918

Modules/Macros

• GSKAH010 GSKAH043 GSKAM003 GSKCMS31 GSKCMS64 GSKHP002 GSKJM003
  GSKS31   GSKS31F  GSKS64   GSKS64F  GSKSRVR
  

Fix information

• Fixed component name

  SYSTEM SSL

• Fixed component ID

  565506805

Applicable component levels

• R450 PSY UJ92916

     UP23/06/24 P F306  

• R451 PSY UJ92918

     UP23/06/24 P F306  

• R45J PSY UJ92917

     UP23/06/24 P F306  

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.