IBM Support

PI94706: CPSM: CPSM, WEB USER INTERFACE (WUI) AND ATTLSAWARE SUPPORT

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • ATTLSAWARE support was introduced into CPSM at version 5.3.
This support was added for CMCI connectivity only.  The CPSM
WUI does not require ATTLSAWARE support, it only requires to be
notified that AT-TLS is being used.  This limitation is because
the WUI is using absolute URLs which include the http scheme
header.
.
.
.
Additional Symptom(s) Search Keyword(s): KIXREVxxx

Local fix

  • n/a

Problem summary

  • ****************************************************************
* USERS AFFECTED: All CICSPlex SM V5R1M0, V5R2M0, V5R3M0 and   *
*                 V5R4M0 users.                                *
****************************************************************
* PROBLEM DESCRIPTION: The CICSPlex SM Web User Interface      *
*                      (CPSM WUI), does not adhere to the      *
*                      correct application protocol when       *
*                      running on an Application               *
*                      Transparent Transport Layer Security    *
*                      (AT-TLS) enabled port.                  *
****************************************************************
* RECOMMENDATION: After applying the PTF that resolves this    *
*                 APAR, restart all CPSM WUI servers in the    *
*                 CICSPlex.                                    *
****************************************************************
The CPSM WUI can use either the HTTP or HTTPS application
protocols for sending and receiving data.
When the CPSM WUI is configured to run on a port which has
been enabled with Application Transparent Transport Layer
Security, (AT-TLS), it is not possible for the CPSM WUI to
determine that the HTTPS protocol is in use and therefore the
CPSM WUI may generate a URL with the HTTP protocol when the
client requires HTTPS to satisfy the connection.

Problem conclusion

  • A new value of ATTLSBASIC for the optional EYUWUI parameter
TCPIPSSL has been added which is used to cause the CPSM WUI
server to run on ports that are configured to run as AT-TLS
ports by z/OS.

The following documentation changes have been made:
-------------------
For version V5R1M0 and V5R2M0:
 -> Configuring
  -> Setting up CICSPlex SM
   -> Setting up a CICSPlexSM Web User Interface server
    -> Web User Interface server initialization parameters
     -> Optional parameters for the WUI
      -> TCP/IP options

The TCPIPSSL option text has been changed to:

TCPIPSSL(YES | NO | ATTLSBASIC)
Indicates whether you require data encryption between your Web
User Interface server and web browser.  If you select YES,
specify the appropriate system initialization parameters to
enable SSL support in the CICS® Web Interface.  For more
information, See SSL with CICS web support.
If TCPIPSSL is set to YES, then TCPIPSSLCERT and
TCPIPSSLCIPHERS settings will always apply, unless the
optional CMCISSL parameter is set with the NO value.  If you
select ATTLSBASIC, you must specify a port via the TCPIPPORT
EYUWUI parameter which has been enabled for AT-TLS by the z/OS
Communications Server.  For more information about AT-TLS,
refer to the appropriate z/OS Knowledge Center, specifically
the section:
z/OS Communications Server -> z/OS Communications Sever: IP
Programmer's Guide and Reference -> Application Transparent
Transport Layer Security (AT-TLS).

-------------------
For version V5R3M0 section:
CICS Transaction Server for z/OS 5.3.0
-> Configuring
 -> Setting up CICSPlex SM
  -> Setting up a CICSPlex SM Web User Interface server
   -> Web User Interface server initialization parameters
    -> Optional Parameters for the WUI
     -> TCP/IP Options
and for V5R4M0 section:
CICS Transaction Server for z/OS 5.4.0
-> Configuring
 -> Setting up CICSPlex SM
  -> Setting up a CICSPlex SM Web User Interface server
   -> Specifying Web User Interface server initialization
      parameters
    -> Optional Parameters for the WUI
     -> TCP/IP Options

The TCPIPSSL option text has been changed to:

TCPIPSSL(YES | NO | ATTLSBASIC)
Indicates whether you require data encryption between your Web
User Interface server and web browser.  If you select YES,
specify the appropriate system initialization parameters to
enable SSL support in the CICS® Web Interface.  For more
information, See SSL with CICS web support.
If TCPIPSSL is set to YES, then TCPIPSSLCERT and
TCPIPSSLCIPHERS settings will always apply, unless the
optional CMCISSL parameter is set with the NO value.  If you
select ATTLSBASIC, you must specify a port via the TCPIPPORT
EYUWUI parameter which has been enabled for AT-TLS by the z/OS
Communications Server.  For more information about AT-TLS,
refer to the appropriate z/OS Knowledge Center, specifically
the section:
z/OS Communications Server -> z/OS Communications Sever: IP
Programmer's Guide and Reference -> Application Transparent
Transport Layer Security (AT-TLS).
Furthermore, the CMCI TCPIPSERVICE SSL attribute will be set
to ATTLSAWARE if TCPIPSSL(ATTLSBASIC) is specified and has not
been set by the CMCISSL parameter.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI94706
    • 

  • Reported component name
    CICS TS Z/OS V5
    • 

  • Reported component ID
    5655Y0400
    • 

  • Reported release
    80M
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-03-06
    • 

  • Closed date
    2018-05-14
    • 

  • Last modified date
    2018-06-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PI90663
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI55829 UI55830 UI55831 UI55832
    

    • 



Modules/Macros


    

  • EYU0DVWI EYU0VCTS EYU0VSPI EYU0VWRN EYU0VWXI EYU0VWXP EYU9VCE
EYUEVCTL EYUKVCTL EYUSVCTL

    



Fix information


    

  • Fixed component name
    CICS TS Z/OS V5
    • 

  • Fixed component ID
    5655Y0400
    • 



Applicable component levels


    

  • R00M  PSY  UI55831
       UP18/05/22  P  F805
    • 

  • R10M  PSY  UI55832
       UP18/05/22  P  F805
    • 

  • R80M  PSY  UI55829
       UP18/05/23  P  F805
    • 

  • R90M  PSY  UI55830
       UP18/05/22  P  F805
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            04 June 2018
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback