IBM Support

PH41033: DFHWB0112 AND MESSAGES DFHSO0145 AND DFHSO0146

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • There are different types of CICS regions all are using the same
    USSCONFIG directory, some of them are defined for webservice
    calls using defaultciphers.xml, but a lot others dont't make
    webservice calls. All these other CICS regions get the
    informational messages DFHSO0145 and DFHSO0146 at startup.
    

Local fix

  • The correct way to resolve the problem is to define the regions
    correctly and only use a USSCONFIG with the feature toggle set
    for those web enabled regions that require it.
    If a separate USSCONFIG is not required then you need to add the
    KEYRING parameter to all the other CICS regions.  This will
    cause the SSL environment in CICS to be initialised.  This will
    allow the ciphers to be validated and not reported as invalid.
    The problematic messages will no longer appear.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Unwanted DFHSO0145 and DFHSO0146        *
    *                      messages during CICS initialisation.    *
    ****************************************************************
    CICS is started with the com.ibm.cics.web.defaultcipherfile
    feature toggle set to true.  A defaultciphers.xml file has been
    created in the USSCONFIG/security/ciphers directory.  The
    KEYRING SIT parameter is not set, so the region is not capable
    of making outbound HTTPS requests.
    
    During CICS initialisation DFHWBDM detects that the feature
    toggle is set so it calls DFHSOPA to process the
    defaultciphers.xml file.  DFHSOPA reads in the file and then
    removes any ciphers that are not available in the region.  In
    this case there are no ciphers available because the TLS
    environment was not created.  Messages DFHSO0145 and DFHSO0146
    are issued to say that the ciphers have been removed.  DFHWB0112
    is then issued to report that the defaultciphers.xml file was
    unable to be used because it contained invalid ciphers.
    
    The DFHSO0145 and DFHSO0146 messages are potentially confusing
    because the problem is with the configuration of the region
    rather than with the content of the cipher file.
    

Problem conclusion

  • CICS has been changed to no longer attempt to use the
    defaultciphers.xml file when CICS was started without a KEYRING
    specified.
    
    Message DFHWB0112 has been updated to add a new message insert
    to indicate why the file was not used.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH41033

  • Reported component name

    CICS TS Z/OS V5

  • Reported component ID

    5655Y0400

  • Reported release

    300

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-10-01

  • Closed date

    2021-10-21

  • Last modified date

    2021-11-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI77737 010PC2Ÿ 010PC2Ÿ

Modules/Macros

  • DFHMEWBC DFHMEWBE DFHMEWBK DFHWBDM
    

Fix information

  • Fixed component name

    CICS TS Z/OS V5

  • Fixed component ID

    5655Y0400

Applicable component levels

  • R300 PSY UI77737

       UP21/10/22 P F110

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.6"}]

Document Information

Modified date:
02 November 2021