A fix is available
APAR status
Closed as program error.
Error description
A SOAP for CICS request comes into CICS over a secure HTTPS connection. It includes HTTP header Connection: close. After the response is sent, CICS will automatically close the socket rather than issue another receive. A SOSE_SECURE_SOC_CLOSE call is made and system SSL sends a message to the SSL partner to indicate that the session is being closed. This completes normally and CICS resets hs_complete as we do not expect to ask system SSL to perform any more SENDs/RECEIVEs of data. . However, before actually closing the socket we attempt to purge any outstanding data on the socket which has not been received. Failure to do this can cause TCPIP to flow a socket error to the remote client. . CICS uses IOCTL to detect that there is some data on the socket so a RECEIVE is issued to discard the data. There is no need to go through system SSL to receive this data. In previous CICS releases, the low-level receive would go directly to the socket for data rather than going through system SSL. . However, CICS TS 3.1 now detects that this is a secure socket in the low-level receive logic. As hs_complete is false, it attempts to initiate a new handshake by issuing a SECURE_SOC_INIT call. This is nonsensical as we have just terminated the SSL session and all we are trying to do is discard data which is still on the socket. . We need to change the purge_recv routine of DFHSOS03 so that the Socket.receive call indicates that data should be received directly from TCPIP without driving system SSL. . External Symptoms for customer may be MSGDFHSO0123 DFHSO0123 SO0123 with return codes of RC439 439, RC431 431 or RC405 405, accompanied afterward by a MSGDFHSO0002 DFHSO0002 SO0002 code X'080C' 080C in DFHSOSE .
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All. * **************************************************************** * PROBLEM DESCRIPTION: When using TCPIPSERVICE with SSL, * * message DFHSO0123 'SSL protocol * * violations' may be issued. * **************************************************************** * RECOMMENDATION: * **************************************************************** A SOAP message is received into CICS on an inbound HTTPS connection with a request Header that contains Connection:close. This will result in the socket being closed after the request has been handled and any data left on the socket will be purged. However, the purge process incorrectly attempts to initiate a new SSL handshake against the socket which is being closed, causing an error and message DFHSO0123 to be issued. The return code in the message will vary depending on the data that was left on the socket. Message DFHSO0002 A severe error (code X'080C') has occurred in module DFHSOSE may also be issued. Additional Keywords : gsk_secure_socket_init HTTPSSL SO0002 MSGDFHSO0123 MSGDFHSO0002
Problem conclusion
DFHSOS03 has been changed so the Socket.receive call in routine purge_recv will receive data directly off the socket rather than calling System SSL.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK22880
Reported component name
CICSTS 3.1 Z/OS
Reported component ID
5655M1500
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2006-04-05
Closed date
2006-05-25
Last modified date
2006-06-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK14869
Modules/Macros
DESSOSO DFHSOSOC DFHSOS00 DFHSOS01 DFHSOS02 DFHSOS03 DFHSOS04 DFHSOS05 DFHSOS06 DFHSOS07 DFHSOS08 DFHSOS09 DFHSOS10 DFHSOS11 DFHSOS12 DFHSOS13 DFHSOS14 DFHSOS15 DFHSOS16 DFHSOS17 DFHSOS18 DFHSOS19 DFHSOS20 DFHSOS21 DFHSOS22 DFHSOS23
Fix information
Fixed component name
CICSTS 3.1 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R400 PSY UK14869
UP06/05/31 P F605
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
03 June 2006