A fix is available
APAR status
Closed as program error.
Error description
A TCPIPSERVICE with SSL(ATTLSAWARE) is open in CICS. When a new connection arrives for this TCPIPSERVICE, TCPIP will start a default 7 second timeout to wait for the request data to arrive. As this is an AT-TLS connection the TLS handshake needs to be completed. The handshake uses a separate 10 second timeout as a default (but this can be configured in the AT-TLS policy). If the handshake fails to complete within 7 seconds the initial receive timeout expires. The CSOL task gets woken up to process the new connection. An SIOCTTLSCTL call is made to get the information related to the AT-TLS connection. The handshake has not yet completed so this call blocks until the 10 second timeout expires (so a delay of 3 seconds). While CSOL is blocked it holds the SOLOCK exclusively so most existing sockets based tasks will eventually get stuck on this lock. CSOL is also unable to process any further new connections or completed async receives. The problem can be bypassed by setting HandshakeTimeout to a value less than 7 in the AT-TLS policy used by CICS. Additional Symptom(s) Search Keyword(s): KIXREVSWM SOCKET SOLOCK DELAY Case TS003109986
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users. * **************************************************************** * PROBLEM DESCRIPTION: CSOL task hangs for several seconds * * holding the SOLOCK. Other socket based * * tasks will suspend waiting for the * * SOLOCK. * **************************************************************** A TCPIPSERVICE with SSL(ATTLSAWARE) is installed and open. The HandshakeTimeout property of the associated AT-TLS policy has been allowed to default to 10 seconds, or has been set to a value larger than 7 seconds. A new connection is made to this AT-TLS port. The handshake is started but does not complete within 7 seconds. CSOL is notified of the new connection and makes a SIOCTTLSCTL call to obtain information relating to the AT-TLS state of the connection. This is a blocking call and this call will wait until the handshake completes (or times out). While waiting the CSOL task holds the SOLOCK exclusively, which causes most of the other sockets related tasks in CICS to suspend waiting for the SOLOCK.
Problem conclusion
DFHSOLS has been changed to explicitly set SO_RCVTIMEO to 7 seconds on any AT-TLS listener socket. This allows CSOL to detect new socket connections that have not yet completed the TLS handshake within 7 seconds and close them. Immediately closing the problem sockets prevents CSOL from getting stuck in the SIOCTTLSCTL call holding the SOLOCK.
Temporary fix
Comments
APAR Information
APAR number
PH22691
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-02-26
Closed date
2020-04-28
Last modified date
2020-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI69225 UI69226
Modules/Macros
DFHSOLS DFHSOTRI
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
02 June 2020