IBM Support

PQ85905: TELNET SSL CLIENT ERROR DURING HANDSHAKE PROCESSING RESULTS IN LOW CORE OVERLAY.

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Telnet client begins a connection.  The HandShake completes and
the Server is expecting normal data from the client.  However,
the client sends in a surprise SSL V2 Client Hello. This results
in an overlay of the CVT by OMVS due to a call by SSL with an
OAPB of X'800000'.
.
.
Sample Traceback data from a dump would resemble:
.
Entry         E Addr    E  Offset Stmt   Load Mod   Status
getpid        06C25FB0  -06C25FAA        CEEEV003   Call
gsk_getpid()  3A238EC8  +00000052        GSKNM002   Call
SetNewSessionID(unsigned char*,unsigned int,long,SSLSockAddr
              3A057A90  +00000198        GSKNM006   Call
SSLSIDCache::getSessionData(SSLSessionHandle*,const unsigned
              3A0627B0  +000004FE        GSKNM006   Call
sidCacheLookup(int,SSLSessionHandle*,unsigned int*,const uns
              3A0589D8  +000001EE        GSKNM006   Call
SendV3ServerHello(SSLHandle*)
              3A070F20  +000006E0        GSKNM006   Call
SSL_Receive(SSLHandle*,void*,int)
              3A06AA70  +00000696        GSKNM006   Call
gsk_secure_soc_read
              39FAD320  +00000514        GSKNM006   Call
SKREAD1       3954BF68  +00000086        EZBTTSSL   Call
SKREAD        3954D8E0  +00000090        EZBTTSSL   Call
CEEPIPI       00019A98  +000051D2        CEEPIPI    Call

Local fix

  • Identify failing ipaddr contained in console error message
  EZZ6034I TELNET CONN nnnnnnnn LU **N/A** CONN DROP ERR 6002
           IPADDR..PORT
Disconnect from network.

Problem summary

  • ****************************************************************
* USERS AFFECTED: All users of Communications Server           *
*                 for OS390 Release  10, z/OS Version 1        *
*                 Release 2, Version 1 Release 4 and           *
*                 Version 1 Release 5 IP Telnet                *
*                 facilities.                                  *
****************************************************************
* PROBLEM DESCRIPTION: Numerous abends occur in many tasks     *
*                      after the CVT is overlaid by OMVS due   *
*                      to an OAPB Reg2 having X'80000000' in   *
*                      it.                                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
ABEND0C6 in Catalog task and ABEND0C4 in BPX1JSRB due to having
a call in SRB mode from SSL with the OAPB pointer is
X'80000000'. OMVS overlays the CVT then. Many tasks abend
following this, and the system must be IPLed to get out of it.
A client connects to Telnet over a secure port and SSL is set
up. After the handshake is complete, the client sends in
a SSLV2 Cclient Hello (X'804601'). This gets passed to System
SSL, where a new socket is attempted and a Getpid call
is made to OMVS where the overlay occurs.  Telnet already
prevents this for an SSLV3 client.

+-------------------------------------------------------------+
+ Please check our Communications Server for OS/390 homepages +
+ for common networking tips and fixes.  The URL for these    +
+ homepages can be found in Informational APAR II11334.       +
+-------------------------------------------------------------+

Problem conclusion

  • EZBTTSRV will be changed to check for the SSLV2 Client Hello
and if Handshake is already complete, will close the
connection with error return code of 6018.
This will prevent the overlay from being done.

* Cross Reference between External and Internal Names

Temporary fix

  • *********
* HIPER *
*********

Comments

  • 



APAR Information




    

  • APAR number
    PQ85905
    • 

  • Reported component name
    TCP/IP V3 MVS
    • 

  • Reported component ID
    5655HAL00
    • 

  • Reported release
    120
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    YesHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2004-03-11
    • 

  • Closed date
    2004-03-16
    • 

  • Last modified date
    2004-05-05
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UQ86270 UQ86271 122PC5Ÿ UQ86272 102PC0Ÿ UQ86273 102PC0Ÿ PQ88133
    

    • 



Modules/Macros


    

  • EZBTTSRV EZBZTPCD

    



Fix information


    

  • Fixed component name
    TCP/IP V3 MVS
    • 

  • Fixed component ID
    5655HAL00
    • 



Applicable component levels


    

  • R120  PSY  UQ86270
       UP04/04/08  P  F404  Ž
    • 

  • R140  PSY  UQ86271
       UP04/04/08  P  F404  Ž
    • 

  • R150  PSY  UQ86272
       UP04/04/08  P  F404  Ž
    • 

  • R50A  PSY  UQ86273
       UP04/04/08  P  F404  Ž
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"120","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"120","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            05 May 2004
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback