A fix is available
APAR status
Closed as program error.
Error description
System SSL gsk_secure_socket_init() return codes 517(0x205), and 542(0x21E) cause a CICS dump to be taken. In the CICS joblog MSGUSR DD, the following message is seen: DFHSO0123 Return code 517 received from function gsk_secure_socket_init of System SSL. Reason: Unrecognized return code. Peer: xxx.xxx.xxx.xxx, TCPIPSERVICE: xxx. DFHSO0123 Return code 542 received from function gsk_secure_socket_init of System SSL. Reason: Unrecognized return code. Peer: xxx.xxx.xxx.xxx, TCPIPSERVICE: xxx.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users. * **************************************************************** * PROBLEM DESCRIPTION: A DFHSO0002 dump is taken incorrectly * * in response to rc517 (0x205) and rc542 * * (0x21E) from a System SSL * * gsk_secure_socket_init() call. * **************************************************************** In the reported problem, CICS had been configured to process HTTP requests secured using TLS 1.3. Requests were received which caused CICS to invoke the System SSL function gsk_secure_socket_init(). However, the TLS handshakes failed with a return code of 517 and 542. CICS issued message DFHSO0123 which did not indicate the reason for these return codes. Additionally, CICS took a system dump which was unnecessary for these failures. Depending on client SSL configuration, it is possible that CICS will receive rc517 (0x205) or rc542 (0x21E) responses to a System SSL gsk_secure_socket_init() function call.
Problem conclusion
CICS has been updated so that a dump is no longer taken for the rc517 and rc542 responses to a System SSL gsk_secure_socket_init() function call. Messages DFHSO0123 and DFHSO0499 will now include the correct explanatory message insert for rc517 and rc542. Additionally, CICS has been updated to correctly handle other SSL return codes, rc464, rc514, rc515, rc523, rc525, rc540. DFHSO0123 has been updated to add new inserts that describe GSK SSL/TLS error codes: rc514, rc515, rc523, rc525, rc464, rc540, rc542, and rc517.
Temporary fix
Comments
APAR Information
APAR number
PH68673
Reported component name
CICS TS Z/OS V6
Reported component ID
5655YA100
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2025-10-24
Closed date
2026-01-08
Last modified date
2026-01-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UO06406 UO06407 UO06408
Modules/Macros
DFHMESOC DFHMESOE DFHMESOK DFHSOSE
Fix information
Fixed component name
CICS TS Z/OS V6
Fixed component ID
5655YA100
Applicable component levels
R400 PSY UO06408
UP26/01/09 I 1000
R500 PSY UO06407
UP26/01/09 I 1000
R600 PSY UO06406
UP26/01/09 I 1000
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
Document Information
Modified date:
09 January 2026