IBM Support

z/OS V2R5 Communication Server New Function APAR Summary

General Page

New function APAR summary for z/OS V2R5 Communications Server

V2R5 header

For more V2R5 new functions, see z/OS V2R5 Communications Server: New Function Summary.

Application Modernization

 pin Network support for IBM z/OS Container Platform Mar 2024

z/OS® Communications Server provides network communications and network-related services for IBM z/OS Container Platform (zOSCP).

z/OS V2R5 Communications Server, with APAR PH39613, provides network support for zOSCP workload by introducing a new type of VIPARANGE dynamic VIPA (DVIPA) called ZCONTainer. A ZCONTainer DVIPA provides network access for a Pod or a container when a container image is started on z/OS. It also enhances support for several new Language Environment (LE) and UNIX System Services (USS) Callable Services APIs, as well as System Resolver APIs and the Netstat application. With this Communications Server support, containerized z/OS application can now co-exist with native z/OS applications.

Restriction:
IBM z/OS Container Platform support is added for LE APIs, USS Callable Services APIs, and System Resolver APIs only.
Dependencies:
The z/OS Communication Server support for IBM z/OS Container Platform has dependencies on LE, USS and the IBM z/OS Container Platform function. Here’s a list of LE and USS APARs:
  • IP_TTL and gethostname()/sethostname() dependencies - USS OA61799 and LE PH42264
  • UTS namespace, clone()/unshare()/setns() support - USS APAR OA61972, USS APAR OA62757 and LE APAR PH40094
  • Container ID support - USS APAR OA62281
Note:
The Network Configuration Assistant (NCA) cannot be used to update the TCP/IP profile. If you are currently using NCA to manage your TCP/IP profile, the recommended method to configure these new VIPARANGE DVIPAs is to create a new TCP/IP profile data set that has an INCLUDE statement for the NCA-generated TCP/IP profile data set, followed by an INCLUDE statement for a second TCP/IP profile data set with the VIPARANGE DVIPA ZCONTainer definitions. See z/OS Communications Server: IP Configuration Reference for more information about the INCLUDE statement.

Enhancing security

pin z/OS UNIX syslogd support for secure logging over TCP June 2023

z/OS® V2R5 Communications Server with APAR PH47666 provides syslog daemon support to receive and send messages over the network using TCP. These TCP connections can be protected with AT-TLS. The syslog daemon supports receiving and sending messages with octet-counted framing over TCP connections. With Communications Server APAR PH56548, the syslogd daemon also supports receiving messages with non-transparent (traditional) framing.

Restriction:
The syslog daemon does not support sending messages with non-transparent (traditional) framing over TCP connections.
Dependencies:
Syslogd is an AT-TLS aware application. To secure messages received by syslogd over a TCP connection, an AT-TLS server rule must be configured for the connection. To secure messages sent by syslogd over a TCP connection, an AT-TLS client rule must be configured for the connection.

pin AT-TLS currency with System SSL June 2023

z/OS V2R5 Communications Server with APAR PH49284 provides AT-TLS support for the following functions:

  • TLS Version 1.3 sysplex session ticket support
  • Domain-based server certificate validation during an SSL/TLS session negotiation
With APAR PH53064, you can configure these functions in IBM Network Configuration Assistant for z/OS Communications Server.
Dependencies:
  • To use TLS Version 1.3 sysplex session tickets:
    • z/OS V2R5 System SSL APAR OA63252 is required.
    • GSKSRVR must be started for all systems in the sysplex acting as AT-TLS servers for the workload.
  • To use domain-based server certificate validation, z/OS V2R5 System SSL APAR OA63164 is required.

pin AT-TLS support for x25519 and x448 key exchange for TLSv1.2 July 2022

z/OS V2R5 Communications Server with APAR PH45902 provides AT-TLS support for a TLSv1.2 server to specify which elliptic curves can be used for the handshake key exchange when an ephemeral ECDH (Elliptic curve Diffie-Hellman) cipher is used. Support is also added for the x25519 and x448 curves for TLSv1.2 handshake key exchange.
These updates also apply to TLSv1.0 and TLSv1.1.

Restriction:
For TLSv1.0, TLSv1.1, and TLSv1.2, curves x25519 and x448 are not enabled by default and must be configured explicitly both for the AT-TLS client and server.
Dependencies:
z/OS V2R5 System SSL APAR OA61783 is required.

pin  IBM zERT Network Analyzer passphrase and password management support June 2022

The IBM zERT Network Analyzer with APAR PH43119 for z/OS V2R5 supports the use of passphrases up to 100 characters to connect to the Db2 for z/OS database. The IBM zERT Network Analyzer includes additional enhancements in the Database Settings panel to clear existing database credentials to allow for easier switching to a different database user ID.

pin Support for SMF compliance evidence May 2022

z/OS® V2R5 Communications Server with APAR PH37372 generates new SMF type 1154 records that provide compliance evidence for the TCP/IP stack (subtype 1), FTP daemon (subtype 2), TN3270E Telnet server (subtype 3), and CSSMTP client (subtype 4).

Restriction:
z/OS APARs OA61443 and OA61444 are required to support the new ENF 86 signal.
Dependencies:
  • The TCP/IP stack must be active to provide the TCP/IP stack compliance evidence SMF record.
  • The FTP daemon must be active to provide the FTP daemon compliance evidence SMF record.
  • The TN3270E Telnet server must be active to provide TN3270E Telnet server compliance evidence SMF records (one per server port).
  • CSSMTP must be active to provide the CSSMTP client compliance evidence record.

 pin FTP server JES access control March 2022

z/OS V2R5 Communications Server, with APAR PH42618, supports a new SAF resource in the SERVAUTH class to control which users are allowed to access FTP JES mode. When the SERVAUTH class is active and a profile is defined for the EZB.FTP.sysname.ftpdaemonname.ACCESS.JES SAF resource, only users with permission to the profile are allowed to access FTP JES mode.

Dependencies:
The SERVAUTH class must be active for the EZB.FTP.sysname.ftpdaemonname.ACCESS.JES SAF resource to provide access controls.

Simplification

pin  Communications Server exploitation of the IBM Function Registry for z/OS Dec 2022

z/OS® V2R5 Communications Server, with SNA APAR OA63555, is enhanced to register VTAM general information with the IBM Function Registry for z/OS. This information allows you to understand the extent of SNA application activity in your network.

pin IBM Health Checker for the removal of VTAM LSA Architecture Dec 2021

z/OS V2R5 Communications Server, with SNA APAR OA62208, provides a new migration health check to use with the IBM Health Checker for z/OS function. The migration health check identifies if VTAM Link Station Architecture (LSA) devices are in use. These devices are configured with MEDIUM=CSMACD in the XCA major node PORT statement.
Support for VTAM Link Station Architecture (LSA) devices will be withdrawn in a future release of the IBM z/OS Communications Server.

Dependencies:
To use the IBM Health Checker for the removal of VTAM LSA Architecture, perform the following steps:
  • Apply the appropriate PTF for SNA APAR OA62208
  • Start the IBM Health Checker for z/OS

pin IBM Health Checker for the removal of DEVICE, LINK, and HOME for OSA Express connectivity December 2021

z/OS V2R5 Communications Server, with SNA APAR OA62208 and TCP/IP APAR PH40875, provides a new migration health check to use with the IBM Health Checker for z/OS function. The migration health check identifies if TCP/IP profile statements DEVICE, LINK, and HOME for OSA-Express connectivity are in use.
Support for DEVICE/LINK/HOME TCP/IP profile statements for OSA-Express connectivity will be withdrawn in a future release of IBM z/OS Communications Server.

Dependencies:
To use the IBM Health Checker for the removal of DEVICE, LINK, and HOME for OSA-Express connectivity, perform the following steps:
  • Apply the appropriate PTF for SNA APAR OA62208
  • Apply the appropriate PTF for TCP/IP APAR PH40875
  • Start the IBM Health Checker for z/OS

Application Development

 pin ReplaceSubjectAtSign configuration option for CSSMTP Dec 2023

z/OS® V2R5 with TCP/IP APAR PH56747 enables customization of the Communications Server SMTP (CSSMTP) processing of the at sign (@) symbol in the mail message subject line. The existing AtSign option allows CSSMTP to recognize a different character as the industry standard at sign (@) symbol and replace it in the mail message commands and headers. You can use the new option ReplaceSubjectAtSign to indicate whether the mail message subject line should be updated or not.

Hardware support

 pin OSA-Express Enhanced Inbound Blocking June 2022

z/OS® V2R5 Communications Server, with TCP/IP APAR PH44281 and SNA APAR OA62831, OSA-Express
Enhanced Inbound Blocking (EIB) is a QDIO performance enhancement that might be beneficial for OSA interfaces with
a high volume of inbound network bulk or streaming traffic.

Restrictions:
QDIO Enhanced Inbound Blocking is supported on OSA-Express7s on z15® or later systems (with supporting MCL) and
subsequent systems only.

pin  Communications Server support for RoCE Express3 April 2022

z/OS V2R5 Communications Server, with TCP/IP APAR PH34117 and SNA APAR OA60855, extends the Shared Memory Communications over Remote Direct Memory Access (SMC-R) function to support the next generation IBM RoCE Express3 feature. The IBM RoCE Express3 feature allows TCP/IP stacks on different LPARs within the same central processor complex (CPC) to leverage the power of these state-of-the-art adapters to optimize network connectivity for mission critical workloads by using Shared Memory Communications technology.

Incompatibilities:
This function does not support IPAQENET interfaces that are defined by using the DEVICE, LINK, and HOME statements. Convert your IPAQENET definitions to use the INTERFACE statement to enable this support.

Dependencies:
This function requires the IBM® or later systems. To enable the z/OS Communications Server support for RoCE Express3 features, complete the appropriate tasks in the following table.
If you have any comments or questions about New Function APAR Summary, send an email to comsvrcf@us.ibm.com.

[{"Type":"MASTER","Line of Business":{"code":"LOB56","label":"Z HW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG90","label":"z\/OS"},"ARM Category":[{"code":"a8m0z0000000AW3AAM","label":"z\/OS Comm Server"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"2.5.0"}]

Document Information

Modified date:
27 March 2024

UID

ibm16562395

Page Feedback