PH58320: CSQX259E CSQXRESP CONNECTION TIMED OUT AFTER APPLICATION OF UI92291 23/11/27 PTF PECHANGE

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Development finds that a receive buffer is resized during the
  TLS handshake and the buffer cached in a receive header. After
  the handshake is complete, the channel goes to resize this
  receive buffer to the maximum size for the conversation. It was
  this resizing process which was resulting in the problem in
  APAR PH52928. The fix for APAR PH52928 allows the buffer to be
  resized correctly. The problem is that the resizing leaves
  buffered encrypted data in the wrong receive buffer. The
  channel then waits on the socket to receive the first TSH, but
  eventually times out. This is because the TSH has likely
  already been received, and is sitting encrypted in the wrong
  receive buffer.
  .
  Additional keywords:
  TLS V1.3 1.3
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of IBM MQ for z/OS Version 9       *
  *                 Release 2 Modification 0 and Release 3       *
  *                 Modification 0.                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: After application of APAR PH52928,      *
  *                      inbound TLS1.3 connections might time   *
  *                      out with message CSQX259E being issued  *
  *                      in the receiver channel initiator       *
  *                      joblog.                                 *
  ****************************************************************
  The problem is a timing window where a TLS1.3 client validly
  sends the first flow before the server has finished processing
  the TLS handshake. This sequence of events can result in the
  initial transmission segment header (TSH) being buffered into
  the wrong buffer. The server then waits for the first TSH to
  arrive on the socket, but the data has already arrived. It will
  wait until the connection times out at which point message
  CSQX259E is issued.
  

Problem conclusion

• The buffer management logic has been corrected to prevent an
  initial TSH being buffered into the wrong buffer.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI96290 UI96291

Modules/Macros

• CSQXCCCX CSQXCCIT CSQXCCMX
  

Fix information

• Fixed component name

  IBM MQ Z/OS V9

• Fixed component ID

  5655MQ900

Applicable component levels

• R200 PSY UI96291

     UP24/04/27 P F404 {

• R300 PSY UI96290

     UP24/04/27 P F404 {

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.