OA67552: TLS_SRVR_CERT_SIG_METHOD AND TLS_CLNT_CERT_SIG_METHOD HELP NEEDS UPDATING AND DEFAULT FIELD LENGTH NEEDS TO BE INCREASED

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• TLS_SRVR_CERT_SIG_METHOD and TLS_CLNT_CERT_SIG_METHOD help needs
  updating and default field length needs to be increased.
  
  The default field length needs to be increased from 13 to 19 to
  cater for the longer signature methods which can be reported,
  for example RSAPSS-RSAE-SHA-512.
  The help for these fields also needs to be updated to show the
  newer signature methods which can be reported.
  

Local fix

• N/A
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: Users of zSecure Audit exploiting event      *
  *                 reporting from SMF sources (newlist type     *
  *                 SMF).                                        *
  ****************************************************************
  * PROBLEM DESCRIPTION: zSecure Audit might report truncated    *
  *                      values in the following fields:         *
  *                                                              *
  *                       o TLS_SRVR_CERT_SIG_METHOD.            *
  *                       o SSH_SRVR_CERT_SIG_METHOD             *
  *                       o SSH_CLNT_CERT_SIG_METHOD.            *
  *                       o IKE_LCL_CERT_SIG_METHOD.             *
  *                       o IKE_RMT_CERT_SIG_METHOD.             *
  ****************************************************************
  * RECOMMENDATION: Apply the PTF provided and review the        *
  *                 documentation update.                        *
  ****************************************************************
  When no overriding output length is used for SMF fields
  TLS_SRVR_CERT_SIG_METHOD, SSH_SRVR_CERT_SIG_METHOD,
  SSH_CLNT_CERT_SIG_METHOD, IKE_LCL_CERT_SIG_METHOD, and
  IKE_RMT_CERT_SIG_METHOD, some values reported by these fields
  might be truncated in cases where value length exceeds the
  default output length of 13 characters.
  

Problem conclusion

• zSecure Audit has been modified, so that the default output
  length of SMF fields TLS_SRVR_CERT_SIG_METHOD,
  SSH_SRVR_CERT_SIG_METHOD, SSH_CLNT_CERT_SIG_METHOD,
  IKE_LCL_CERT_SIG_METHOD, and IKE_RMT_CERT_SIG_METHOD has been
  augmented to 19 characters. Please note the documentation
  changes as provided by the APAR tracking comment data.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UJ97360

Modules/Macros

• C2R3SME# C2R3SME$ C2R3SME5 C2R3SME6 C2R3SMFR CKAFDSM  GKRFDSM
  

Fix information

• Fixed component name

  ZSEC BASE,ADMIN

• Fixed component ID

  5655T0100

Applicable component levels

• R310 PSY UJ97360

     UP25/06/07 P F506

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.