PTF Cover Letter
PTF ( Program Temporary Fixes ) Cover letter
INCORROUT-TCPIP IKEv2 responder not protecting IKE_AUTH w/No
Pre/Co-Requisite PTF / Fix List
REQ LICENSED PTF/FIX LEVEL
TYPE PROGRAM REL NUMBER MIN/MAX OPTION
---- -------- --- ------- ------- ------
NONE
NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels. This PTF may be a prerequisite
for future PTFs. By applying this PTF you authorize and agree to the
foregoing.
This PTF is subject to the terms of the license agreement which
accompanied, or was contained in, the Program for which you are obtaining
the PTF. You are not authorized to install or use the PTF except as part
of a Program for which you have a valid Proof of Entitlement.
SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.
The applicable license agreement may have been provided to you in printed
form and/or may be viewed using the Work with Software Agreements (WRKSFWAGR)
CL command.
APAR Error Description / Circumvention
-----------------------------------------------
If 'i' as a responder for IKEv2 detects an error such as
NO_PROPOSAL_CHOSEN or TS_UNACCEPTABLE on IKE_AUTH, it appends
the notify to IKE_AUTH reply, but doesn't protect the message.
CORRECTION FOR APAR SE47452 :
-----------------------------
With PTF, IKE_AUTH is protected.
CIRCUMVENTION FOR APAR SE47452 :
--------------------------------
None.
Activation Instructions
None.
Special Instructions
Perform the following after PTF is applied/removed:
endtcpsvr *vpn
strtcpsvr *vpn
********************************************************************
THE FOLLOWING ARE SUPERSEDED SPECIAL INSTRUCTIONS. IF THE SUPERSEDED
PTF HAS ALREADY BEEN APPLIED AND ITS SPECIAL INSTRUCTION FOLLOWED,
IT IS NOT NECESSARY TO FOLLOW THAT SPECIAL INSTRUCTION AGAIN.
********************************************************************
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI41907 :
=================================================
After apply/remove this PTF, perform the following:
endtcpsvr *vpn
strtcpsvr *vpn
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI41473 :
=================================================
After load/remove this PTF, perform the following:
endtcpsvr *vpn
strtcpsvr *vpn
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI39929 :
=================================================
After apply/remove of this PTF, perform the following
endtcpsvr *vpn
strtcpsvr *vpn
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI38988 :
=================================================
After apply/remove of this PTF, perform the following:
endtcpsvr *vpn
strtcpsvr *vpn
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI36896 :
=================================================
After PTF apply/remove, perform the following:
endtcpsvr *vpn
strtcpsvr *vpn
Default Instructions
THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.
Supersedes
PTF/FIX NO(S). APAR TITLE LINE
-------------- ------------------------------------------------------------
SI41907 TCPIP-INCORROUT IKEv2 cfg addr not freed after Win7 disc
SI41473 OSP-COMM-TCPIP-OTHER-UNPRED IKE SERVER CRASHES
SI41203 TCPIP-INCORROUT IKEv2 sending incorrect TS for subnet
SI39929 TCPIP-INCORROUT memory leak in VPN IKEv2
SI39929 TCPIP-INCORROUT handle unknown Notify error in IKE_AUTH
SI39929 TCPIP-INCORROUT IKEv2 fails if no CERTREQ
SI39929 TCPIP-INCORROUT IKE_SA_INIT reply when response set
SI39243 TCPIP-INCORROUT Flag AES-XCBC-MAC unsupported for IKEv1
SI38988 TCPIP-INCORROUT VPN conn still enabled after IKE_SA delete
SI38560 TCPIP-INCORROUT Ping to Strongswan fails after IKE_SA expire
SI38560 TCPIP-INCORROUT Preshared key auth fails w/ AES-XCBC-MAC
SI38476 TCPIP-INCORROUT Connection fails to IKEv2 Linux with AES-XCB
SI38476 TCPIP-INCORROUT IKEv1 request times out if IKEv2 traffic
SI38391 TCPIP-INCORROUT IKE_AUTH ICV check fails
SI36896 OSP-COMM-TCPIP-OTHER-INCORROUT QTOKVPNIKE HIGH CPU
SI36896 TCPIP-INCORROUT IKEv2 invalid KE payload
SI36896 OSP-COMM-TCPIP MSGTCP8745 TIMING ISSUES WITH VPN CONNECTIONS
SI36896 TCPIP-INCORROUT process COOKIE payload
SI36546 TCPIP-INCORROUT Ikev2 Second conn start treated as rekey
SI36546 TCPIP-INCORROUT IKEv2 error notify replies
SI36546 TCPIP-INCORROUT Narrowed protocol from connection properties
Summary Information
System.............................. i
Models..............................
Release............................. V7R1M0
Licensed Program.................... 5770SS1
APAR Fixed.......................... View details for APAR SE47452
Superseded by:...................... View fix details for PTF SI80252
Recompile........................... N
Library............................. QSYS
MRI Feature ........................ NONE
Cum Level........................... C2115710
IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information.
Was this topic helpful?
Document Information
Modified date:
17 June 2022