A fix is available
APAR status
Closed as program error.
Error description
You have recently migrated to CICS TS 5.4, and start seeing the DFHSO0123 message regarding your TCPIPSERVICE, in one of 2 forms: DFHSO0123 Return code 402 received from function gsk_secure_socket_init of System SSL. Reason: No common ciphers negotiated. Peer: xxx.xxx.xxx.xxx, TCPIPSERVICE: tcpserv. DFHSO0123 Return code 415 received from function gsk_secure_socket_init of System SSL. Reason: SSL protocol violation. Peer: xxx.xxx.xxx.xxx, TCPIPSERVICE: tcpserv. You are using a cipher file specification, and when you examine it via CEMT INQ TCPIPSERVICE, you see the value "4040404040...." instead of the cipher filename. If you reinstall the TCPIPService, the cipher file is correctly displayed, and gsk errors cease. A dump taken during the time of the error shows (in the SO domain) the correct filename and cipher numbers in the CIPHER LIST BLOCKS. On the FIRST warm start of your region, your TCPIPSERVICE would not be affected. However for the second and subsequent WARM starts, you would face this issue. Additional Keywords and Symptoms: Upgrade2CICS54 kixrevdam
Local fix
Reinstall the TCPIPSERVICE
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users * **************************************************************** * PROBLEM DESCRIPTION: Message DFHSO0123 is issued during a * * CICS warm restart because TCPIPSERVICE * * CIPHERS is all SPACES (x'40'). * **************************************************************** * RECOMMENDATION: . * **************************************************************** The TCPIPSERVICE CIPHERS field is not restored on a CICS warm restart and applications fail with the following error messages because the ciphers field is all SPACES (x'40'). . DFHSO0123 Return code 402 received from function gsk_secure_socket_init of System SSL. Reason: No common ciphers negotiated. Peer: xxx.xxx.xxx.xxx, TCPIPSERVICE: tcpserv. . DFHSO0123 Return code 415 received from function gsk_secure_socket_init of System SSL. Reason: SSL protocol violation. Peer: xxx.xxx.xxx.xxx, TCPIPSERVICE: tcpserv. . Additional keywords: msgDFHSO0123 CEMT EXEC CICS INQUIRE
Problem conclusion
DFHSOAD has been changed to restore TCPIPSERVICE cipher file names from the CICS catalog correctly on a warm restart.
Temporary fix
Comments
APAR Information
APAR number
PI96570
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-04-11
Closed date
2018-04-24
Last modified date
2018-05-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI55409
Modules/Macros
DFHSOAD
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R100 PSY UI55409
UP18/04/25 P F804 ¢
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 May 2018