IBM Support

PH01192: SSL SOCKET MAY PREMATURELY CLOSE AT END OF SESSION

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • A secure connection may prematurely close when a client or
    server follows a close_notify with an immediate RST.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of z/VM TCP/IP                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    When a secure connectionn is closed, a close_notify command is
    issued to close the secure tunnel.  Both sides of the connection
    issue a close_notify so that they both know when data is
    flowing in the clear.  If a client/server doesn't care about
    the connection after the close_notify is issued, they may
    issue an immediate RST before receiving the close_notify
    from the partner.  In this case, the SSL connection to the
    partner may be closed before all of the data has been
    delivered.
    

Problem conclusion

  • The code in TCPUP PASCAL has been modified to check if a RST is
    being done for one half of an SSL secured connection.  If the
    original connection was in the ESTABLISHED state, the RST is
    done immediately.  If it is not in the ESTABLISHED state, the
    RST is delayed until all of the data has been delivered.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH01192

  • Reported component name

    TCP/IP FOR Z/VM

  • Reported component ID

    5735FAL00

  • Reported release

    640

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-08-02

  • Closed date

    2018-09-06

  • Last modified date

    2019-03-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI58351 UI58352

Modules/Macros

  • CMNETST  FPIPDOW  FPI6DOW  FPNOTIF  FPQUEUE  FPROUND  FPSCHED
    FPSOCKRE FPTCPDOW FPTCPREQ FPTCPUP  FPUTIL   F6TCPDOW F6TCPREQ
    F6TCPUP  TCACB    TCBASTY  TCMIB    TCMON    TCPARSE  TCPEQUAT
    TCPIP    TCPRINT  TCPSSL   TCPUP    TCQUEUE  TCTCB    TCUTIL
    

Fix information

  • Fixed component name

    TCP/IP FOR Z/VM

  • Fixed component ID

    5735FAL00

Applicable component levels

  • R640 PSY UI58351

       UP18/09/12 P 1802

  • R710 PSY UI58352

       UP18/09/12 P 1901

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27N","label":"APARs - VM\/ESA environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27M","label":"APARs - z\/VM environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Edition":"","Line of Business":{"code":"LOB16","label":"Mainframe HW"}}]

Document Information

Modified date:
22 March 2019