MF53520 - OSP-LOOP ETHERNET ADAPTER GOES INTO AN UNRESPONSIVE STATE CA

PTF Cover Letter


Abstract

OSP-LOOP ETHERNET ADAPTER GOES INTO AN UNRESPONSIVE STATE CA


Pre/Co-Requisite PTF / Fix List

REQ  LICENSED      PTF/FIX  LEVEL
TYPE PROGRAM  REL  NUMBER   MIN/MAX  OPTION
---- -------- ---  -------  -------  ------
CO   5770999  710  MF48825   00/00    0000
CO   5770999  710  MF48824   00/00    0000



NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels.  This PTF may be a prerequisite
for future PTFs.  By applying this PTF you authorize and agree to the
foregoing.

This PTF is subject to the terms of the 'IBM License Agreement for Machine
Code', the terms of which were provided in a printed document that was
delivered with the machine.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.


APAR Error Description / Circumvention

-------------------------------------------------
Ethernet adapter goes into an unresponsive state, causing all
traffic on that line, including web traffic, to be halted.

CORRECTION FOR APAR 'MA41099' :
-------------------------------
The code path has been corrected to prevent System SSL from
getting in a processing loop.  If the task associated with the
adapter is already in the processing loop, an IPL is necessary
to recover.

CIRCUMVENTION FOR APAR 'MA41099' :
----------------------------------
None.


Activation Instructions


None.




Special Instructions


********************************************************************
THE FOLLOWING ARE SUPERSEDED SPECIAL INSTRUCTIONS. IF THE SUPERSEDED
PTF HAS ALREADY BEEN APPLIED AND ITS SPECIAL INSTRUCTION FOLLOWED,
IT IS NOT NECESSARY TO FOLLOW THAT SPECIAL INSTRUCTION AGAIN.
********************************************************************

SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF MF49131:
================================================

The IETF has published RFC 5746 Transport Layer Security (TLS) -
Renegotiation Indication Extension.  RFC 5746 defines a mechanism to
implement TLS/SSL handshake renegotiation securely.  Use of RFC 5746
replaces the industry wide interim solution of disabling all
renegotiation implemented after the weakness was discovered.

After applying this PTF, System SSL will allow SSL V3 or TLS V1 session
renegotiation with peers that have implemented RFC 5746.  Session
renegotiation with peers that do not support RFC 5746 reverts to
the interim disablement solution.  By default, unsecured renegotiation
remains disallowed.  Use the special instructions for
-sslRenegotiation to control how unsecured renegotiation is handled by
System SSL.

Information APAR II14533 has been updated to reflect RFC 5746 support.
Read RFC 5746 for additional details if interested in the underlying
TLS protocol changes to correct the weakness.

A method for administrators to control how restrictive System SSL is in
the enforcement of RFC 5746 is available.  System SSL can be made to
force all negotiations to require RFC 5746, not just re-negotiations.
This would only be practical after all desired communication partners
have implemented RFC 5746.

To change the RFC 5746 restrictiveness of System SSL with the Start
System Service Tools (STRSST) command, follow these steps:
1. Open a character-based interface.
2. On the command line, type STRSST.
3. Type your service tools user name and password.
4. Select option 1 (Start a service tool).
5. Select option 4 (Display/Alter/Dump).
6. Select option 1 (Display/Alter storage).
7. Select option 2 (Licensed Internal Code (LIC) data).
8. Select option 14 (Advanced analysis).
9. Select option 1 (IPCONFIG).
10. Enter one or both of the following strings as shown below to change
the System SSL behavior to the desired setting.

-sslRfc5746NegotiationRequiredClient:on  (defaults to Off)

Causes the SSL Client to only connect if the SSL Server
indicates support for RFC 5746 Renegotiation.
Warning - setting this to 'On' will cause
interoperability problems with servers that have not
been updated.

-sslRfc5746NegotiationRequiredServer:on (defaults to Off)

Causes the SSL Server to only connect if the SSL Client
indicates support for RFC 5746 Renegotiation.
Warning - setting this to 'On' will cause
interoperability problems with clients that have not
been updated.
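
Before setting -sslRfc5746NegotiationRequiredServer:on, it helps to know which clients already signal RFC 5746 support. The following is an added example, not IBM code: it parses a captured ClientHello handshake message (without the 5-byte record header) and looks for the two client signals RFC 5746 defines, the renegotiation_info extension and the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value. The function names and peer names are hypothetical and the sample hellos are constructed.

```python
import struct
SCSV = 0x00FF                    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEGOTIATION_INFO = 0xFF01  # renegotiation_info extension type (RFC 5746)

def client_hello_signals_rfc5746(msg):
    """True if a ClientHello handshake message signals RFC 5746 support."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    try:
        pos = 2 + 32                          # skip client_version and random
        pos += 1 + body[pos]                  # skip session_id
        (cs_len,) = struct.unpack_from("!H", body, pos)
        suites = struct.unpack_from("!%dH" % (cs_len // 2), body, pos + 2)
        if SCSV in suites:                    # signalling cipher suite value
            return True
        pos += 2 + cs_len
        pos += 1 + body[pos]                  # skip compression_methods
        if pos + 2 > len(body):               # hello without an extensions block
            return False
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:                 # walk type/length/data triples
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == EXT_RENEGOTIATION_INFO:
                return True
            pos += 4 + ext_len
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return False

def build_client_hello(suites, extensions=()):  # builds constructed sample input
    body = b"\x03\x01" + bytes(32) + b"\x00"  # TLS 1.0, zero random, no session_id
    body += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
    body += b"\x01\x00"                       # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def refused_if_required(hellos):
    """Peers a server would turn away once RFC 5746 is required of clients."""
    return sorted(n for n, h in hellos.items() if not client_hello_signals_rfc5746(h))

SAMPLES = {  # constructed hellos; peer names are hypothetical
    "legacy-client": build_client_hello([0x002F, 0x0035]),
    "scsv-client": build_client_hello([0x002F, SCSV]),
    "ext-client": build_client_hello([0x002F], [(0x0023, b""), (0xFF01, b"\x00")]),
}
```

Calling refused_if_required(SAMPLES) lists the peers whose hello carries neither signal; those are the clients to update before the Required setting is turned on.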

To change the unsecured renegotiation ability of System SSL with the
Start System Service Tools (STRSST) command, follow steps 1-9 above,
then issue one of the following three strings as shown below.  Note
this only has meaning for peers that do not support RFC 5746.

-sslRenegotiation:NONE - Default value

No unsecured handshake renegotiation is allowed

-sslRenegotiation:ABBREVIATED

Overrides and allows unsecured abbreviated handshake
during renegotiation when session continuity is proven.

-sslRenegotiation:ALL - Default prior to PTF

Overrides and allows unsecured full handshake and
unsecured abbreviated handshake during renegotiation


Default Instructions

THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.



Supersedes

PTF/FIX NO(S).  APAR TITLE LINE
--------------  ------------------------------------------------------------
   MF53262      LIC-COMM-OTHER-UNPRED SSL HEAP NOT RELEASED
   MF51036      LIC-COMM-TCPIP-INCORROUT SSL_ERROR_BAD_STATE ERROR -21
   MF50363      LIC-COMM-INCORROUT Invalid Response to SSLv2 Client Hello
   MF49131      LIC-COMM-SSL Support RFC5746
   MF48823      Integrity Problem
   MF53418      LIC-COMM-TCPIP IOCM TASKS TAKE HIGH CPU IN LOSOCKETSECURE
   MF51026      OSP-PAR-SSL javax.net.ssl.SSLException: Unknown error 6507

Summary Information

System..............................i
Models..............................
Release.............................V7R1M0
Licensed Program....................5770999
APAR Fixed..........................MA41099
Superseded by:......................PTF MF99011
Recompile...........................N
Library.............................QSYS
MRI Feature ........................NONE
Cum Level...........................C1270710


Document Information

Modified date:
24 June 2011