A fix is available
APAR status
Closed as program error.
Error description
A secure connection may prematurely close when a client or server follows a close_notify with an immediate RST.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: All users of z/VM TCP/IP * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** When a secure connectionn is closed, a close_notify command is issued to close the secure tunnel. Both sides of the connection issue a close_notify so that they both know when data is flowing in the clear. If a client/server doesn't care about the connection after the close_notify is issued, they may issue an immediate RST before receiving the close_notify from the partner. In this case, the SSL connection to the partner may be closed before all of the data has been delivered.
Problem conclusion
The code in TCPUP PASCAL has been modified to check if a RST is being done for one half of an SSL secured connection. If the original connection was in the ESTABLISHED state, the RST is done immediately. If it is not in the ESTABLISHED state, the RST is delayed until all of the data has been delivered.
Temporary fix
Comments
APAR Information
APAR number
PH01192
Reported component name
TCP/IP FOR Z/VM
Reported component ID
5735FAL00
Reported release
640
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-08-02
Closed date
2018-09-06
Last modified date
2019-03-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI58351 UI58352
Modules/Macros
CMNETST FPIPDOW FPI6DOW FPNOTIF FPQUEUE FPROUND FPSCHED FPSOCKRE FPTCPDOW FPTCPREQ FPTCPUP FPUTIL F6TCPDOW F6TCPREQ F6TCPUP TCACB TCBASTY TCMIB TCMON TCPARSE TCPEQUAT TCPIP TCPRINT TCPSSL TCPUP TCQUEUE TCTCB TCUTIL
Fix information
Fixed component name
TCP/IP FOR Z/VM
Fixed component ID
5735FAL00
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27N","label":"APARs - VM\/ESA environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27M","label":"APARs - z\/VM environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Edition":"","Line of Business":{"code":"LOB16","label":"Mainframe HW"}}]
Document Information
Modified date:
22 March 2019