A fix is available
APAR status
Closed as program error.
Error description
ATTLSAWARE support was introduced into CPSM at version 5.3. This support was added for CMCI connectivity only. The CPSM WUI does not require ATTLSAWARE support, it only requires to be notified that AT-TLS is being used. This limitation is because the WUI is using absolute URLs which include the http scheme header. . . . Additional Symptom(s) Search Keyword(s): KIXREVxxx
Local fix
n/a
Problem summary
**************************************************************** * USERS AFFECTED: All CICSPlex SM V5R1M0, V5R2M0, V5R3M0 and * * V5R4M0 users. * **************************************************************** * PROBLEM DESCRIPTION: The CICSPlex SM Web User Interface * * (CPSM WUI), does not adhere to the * * correct application protocol when * * running on an Application * * Transparent Transport Layer Security * * (AT-TLS) enabled port. * **************************************************************** * RECOMMENDATION: After applying the PTF that resolves this * * APAR, restart all CPSM WUI servers in the * * CICSPlex. * **************************************************************** The CPSM WUI can use either the HTTP or HTTPS application protocols for sending and receiving data. When the CPSM WUI is configured to run on a port which has been enabled with Application Transparent Transport Layer Security, (AT-TLS), it is not possible for the CPSM WUI to determine that the HTTPS protocol is in use and therefore the CPSM WUI may generate a URL with the HTTP protocol when the client requires HTTPS to satisfy the connection.
Problem conclusion
A new value of ATTLSBASIC for the optional EYUWUI parameter TCPIPSSL has been added which is used to cause the CPSM WUI server to run on ports that are configured to run as AT-TLS ports by z/OS. The following documentation changes have been made: ------------------- For version V5R1M0 and V5R2M0: -> Configuring -> Setting up CICSPlex SM -> Setting up a CICSPlexSM Web User Interface server -> Web User Interface server initialization parameters -> Optional parameters for the WUI -> TCP/IP options The TCPIPSSL option text has been changed to: TCPIPSSL(YES | NO | ATTLSBASIC) Indicates whether you require data encryption between your Web User Interface server and web browser. If you select YES, specify the appropriate system initialization parameters to enable SSL support in the CICS® Web Interface. For more information, See SSL with CICS web support. If TCPIPSSL is set to YES, then TCPIPSSLCERT and TCPIPSSLCIPHERS settings will always apply, unless the optional CMCISSL parameter is set with the NO value. If you select ATTLSBASIC, you must specify a port via the TCPIPPORT EYUWUI parameter which has been enabled for AT-TLS by the z/OS Communications Server. For more information about AT-TLS, refer to the appropriate z/OS Knowledge Center, specifically the section: z/OS Communications Server -> z/OS Communications Sever: IP Programmer's Guide and Reference -> Application Transparent Transport Layer Security (AT-TLS). ------------------- For version V5R3M0 section: CICS Transaction Server for z/OS 5.3.0 -> Configuring -> Setting up CICSPlex SM -> Setting up a CICSPlex SM Web User Interface server -> Web User Interface server initialization parameters -> Optional Parameters for the WUI -> TCP/IP Options and for V5R4M0 section: CICS Transaction Server for z/OS 5.4.0 -> Configuring -> Setting up CICSPlex SM -> Setting up a CICSPlex SM Web User Interface server -> Specifying Web User Interface server initialization parameters -> Optional Parameters for the WUI -> TCP/IP Options The TCPIPSSL option text has been changed to: TCPIPSSL(YES | NO | ATTLSBASIC) Indicates whether you require data encryption between your Web User Interface server and web browser. If you select YES, specify the appropriate system initialization parameters to enable SSL support in the CICS® Web Interface. For more information, See SSL with CICS web support. If TCPIPSSL is set to YES, then TCPIPSSLCERT and TCPIPSSLCIPHERS settings will always apply, unless the optional CMCISSL parameter is set with the NO value. If you select ATTLSBASIC, you must specify a port via the TCPIPPORT EYUWUI parameter which has been enabled for AT-TLS by the z/OS Communications Server. For more information about AT-TLS, refer to the appropriate z/OS Knowledge Center, specifically the section: z/OS Communications Server -> z/OS Communications Sever: IP Programmer's Guide and Reference -> Application Transparent Transport Layer Security (AT-TLS). Furthermore, the CMCI TCPIPSERVICE SSL attribute will be set to ATTLSAWARE if TCPIPSSL(ATTLSBASIC) is specified and has not been set by the CMCISSL parameter.
Temporary fix
Comments
APAR Information
APAR number
PI94706
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
80M
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-03-06
Closed date
2018-05-14
Last modified date
2018-06-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI55829 UI55830 UI55831 UI55832
Modules/Macros
EYU0DVWI EYU0VCTS EYU0VSPI EYU0VWRN EYU0VWXI EYU0VWXP EYU9VCE EYUEVCTL EYUKVCTL EYUSVCTL
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R00M PSY UI55831
UP18/05/22 P F805
R10M PSY UI55832
UP18/05/22 P F805
R80M PSY UI55829
UP18/05/23 P F805
R90M PSY UI55830
UP18/05/22 P F805
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
04 June 2018