A fix is available
APAR status
Closed as program error.
Error description
You are running CICS TS 5.1 and receive the following error: DFHSO0001 abend (code 0C4/AKEX) has occurred at offset 04B2 in module DFHSOS22 The failing instruction is an OI instruction: 9610 2014. The abend is occurring due to Reg2 being zeros. Reg2 should be the address of the SOCKET_SSL_DATA. Reg2 was loaded from the Socket object but this has been freed by CIST. CISR is processing a receive request instead of a send. SSL is being used. Additional Symptom(s) Search Keyword(s): KIXREVDAM 0C4 DFHSOSO22 SECURE_SOC_READ CONNECTION_CLOSED ABEND0C4 ABENDS0C4
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All * **************************************************************** * PROBLEM DESCRIPTION: MSGDFHSO0001 ABEND0C4 in DFHSOS22 * * in routine soso_async_receive. * **************************************************************** * RECOMMENDATION: * **************************************************************** DFHSO0001 abend (code 0C4/AKEX) has occurred in routine soso_async_receive in DFHSOS22 when an SSL IPCONN is closed. The CICS system has been started with ENCRYPTION=ALL which supports TLS 1.0, TLS 1.1 and TLS 1.2. The SSL connection established for the IPCONN uses TLS 1.2. The IPCONN is closed by the remote partner. A Drain command is sent by the partner which triggers the attach of a CIST task on CICS to terminate the IPCONN. The partner then closes the socket connection for the IPCONN. As this is a SSL socket, an SSL alert is sent down the socket before it is closed. The arrival of data on the socket is detected by the sockets listener task. A routine called CHECK_FOR_SSL_ALERT is called to detect if a socket closure alert has been sent. CHECK_FOR_SSL_ALERT has code to detect a TLS 1.0 alert but it has no code to detect a TLS 1.1 or TLS 1.2 alert. This results in the data being treated as a normal data flow instead of a socket closure. The consequence of this is that the IPIC receiver task CISR is posted to receive the socket data. This results in a race to receive data (by CISR) and close the socket (by CIST). CISR program checks in DFHSOS22 which has been called for an ASYNC receive. The program check occurs when CISR tries to set the gsk_closed flag in the socket SSL extension. By this time the socket has been closed and deleted by the CIST task.
Problem conclusion
Socket routine CHECK_FOR_SSL_ALERT has been updated to detect TLS 1.1 and TLS 1.2 alerts. DFHSOS22 and DFHSOS07 have been updated to confirm that a socket object sill exists before updating the gsk_closed flag.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PI18968
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-05-29
Closed date
2014-08-21
Last modified date
2015-03-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI20761 UI20762
Modules/Macros
DFHSOS07 DFHSOS22
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
19 March 2015