IBM Support

PK87387: UNABLE TO SPECIFY PREFERRED CIPHER VALUES ON GENERATED TCPIPSERVICE IN CPSM WUI SERVER

A fix is available


APAR status

  • Closed as program error.

Error description

  • When a WUI Server initializes, CPSM automatically creates and
    installs a TCPIPSERVICE definition based on parameters specified
    in the EYUWUI DD input.  There are parameters that allow the
    user to specify the host, whether SSL is to be used, and the
    port:
    .
    TCPIPHOSTNAME
    TCPIPSSL
    TCPIPPORT
    .
    However, if SSL is enabled, the TCPIPService definition gets
    created with a Cipher Suite based on the value of the ENCRYPTION
    SIT parameter (STRONG, MEDIUM, or WEAK.)
    .
    If a specific set of ciphers is needed, in a specific order,
    there is no current method for the user to specify those values.
    .
    Additional Symptom(s) Search Keyword(s): KIXREVRBD
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICSPlex SM V4R1M0 Users.                *
    ****************************************************************
    * PROBLEM DESCRIPTION: - The CICSPlex SM Web User Interface    *
    *                        (WUI) server cannot be configured to  *
    *                        specify the minimum set of SSL cipher *
    *                        suites supported for SSL based        *
    *                        communications.                       *
    *                                                              *
    *                      - Message :                             *
    *                                                              *
    *                        EYUVS0105E <applid> INVALID RECORD IN *
    *                        PARAMETER DATASET.                    *
    *                                                              *
    *                        will be produced by the WUI when a    *
    *                        parameter value is specified that is  *
    *                        greater than 32 and less than 45      *
    *                        bytes in length.                      *
    ****************************************************************
    * RECOMMENDATION: After applying the PTF that resolves this    *
    *                 APAR, all Web User Interface servers must    *
    *                 be recycled to pick up the new code.  Note   *
    *                 that the restarts do not need to be done at  *
    *                 the same time.                               *
    ****************************************************************
    - The CICSPlex SM WUI automatically generates the CICS
      TCPIPSERVICE definition that is used for the server based on
      various TCPIP related WUI server initialization parameters.
    
      Because the TCPIPSERVICE CIPHERS attribute does not have an
      equivalent WUI server initialization parameter, the
      attribute always defaults to a value based on the ENCRYPTION
      SIT parameter used by the WUI server.
    
      This means that customers cannot remove / reorder the cipher
      suites that are used as part of the SSL negotiation between
      the WUI server and the web browser.
    
    - When the CICSPlex SM WUI parameter service was changed to
      allow 44 byte parameter values (principally for TCPIPHOSTNAME
      and AUTOIMPORTDSN), some of the length validation was not
      updated. The resulting parameter validation failure causes
      message EYUVS0105E to be issued.
    

Problem conclusion

  • - EYU0VSPI (VSPI - WUI Parameter Service) has been changed to
      define a new WUI server initialization parameter called
      TCPIPSSLCIPHERS.
    
      This optional parameter accepts up to 44 hexadecimal digits
      that will be interpreted by CICS as a list of up to 22 2-digit
      cipher suite codes.
    
      Note that although CICS supports up to 28 2-digit cipher suite
      codes in equivalent CIPHERS attributes, the TCPIPSSLCIPHERS
      parameter is limited to 22 2-digit codes, due to a parameter
      value length restriction in the WUI.
    
      EYU0VWXI (VWXI - WUI CWI control) has been changed to retrieve
      the value of the TCPIPSSLCIPHERS parameter if the TCPIPSSL
      parameter is set to YES. If TCPIPSSLCIPHERS is specified, any
      value will be passed into the CIPHERS attribute of the
      TCPIPSERVICE that is subsequently created. This processing
      will occur for the EYUWUI and EYUCMCIT TCPIPSERVICEs.
    
    - Length validation logic in VSPI and VWXI has been updated to
      allow for 44 byte parameter values.
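
A pre-deployment check for a TCPIPSSLCIPHERS value, written as an added example and not IBM's code: it enforces the 44-digit, 2-digit-code format described above and reports the codes in the order given. The weak-code table is an assumption not stated in this APAR (that each 2-digit code is the low byte of the IANA TLS cipher suite number), and the function name and sample values are constructed.

```python
import string

MAX_HEX_DIGITS = 44  # limit stated in the APAR: 22 two-digit codes

# Assumption, not from the APAR: each 2-digit code is the low byte of the
# IANA TLS cipher suite number, so these codes select null, export-grade,
# RC4 or single-DES suites.
WEAK_CODES = {
    "01": "RSA_WITH_NULL_MD5 (no encryption)",
    "02": "RSA_WITH_NULL_SHA (no encryption)",
    "03": "RSA_EXPORT_WITH_RC4_40_MD5 (export grade)",
    "04": "RSA_WITH_RC4_128_MD5 (RC4)",
    "05": "RSA_WITH_RC4_128_SHA (RC4)",
    "06": "RSA_EXPORT_WITH_RC2_CBC_40_MD5 (export grade)",
    "09": "RSA_WITH_DES_CBC_SHA (single DES)",
}


def check_tcpipsslciphers(value):
    """Return (codes_in_preference_order, problems) for a parameter value."""
    value = value.strip().upper()
    if not value:
        return [], ["empty value"]
    if any(ch not in string.hexdigits for ch in value):
        return [], ["value contains non-hexadecimal characters"]
    problems = []
    if len(value) > MAX_HEX_DIGITS:
        problems.append(f"{len(value)} digits exceeds the {MAX_HEX_DIGITS}-digit limit")
    if len(value) % 2:
        problems.append("odd number of digits: last code is incomplete")
    # Split into 2-digit codes, keeping the order the administrator chose.
    codes = [value[i:i + 2] for i in range(0, len(value) - len(value) % 2, 2)]
    seen = set()
    for position, code in enumerate(codes, start=1):
        if code in seen:
            problems.append(f"code {code} repeated at position {position}")
        seen.add(code)
        if code in WEAK_CODES:
            problems.append(f"code {code} at position {position}: {WEAK_CODES[code]}")
    return codes, problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the APAR.
    for sample in ("352F0A", "2F0501", "352F0", "35" * 23):
        print(sample, check_tcpipsslciphers(sample))
```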
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK87387

  • Reported component name

    CICS TS Z/OS V4

  • Reported component ID

    5655S9700

  • Reported release

    60M

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-05-27

  • Closed date

    2009-07-24

  • Last modified date

    2009-08-03

  • APAR is sysrouted FROM one or more of the following:

    PK87334

  • APAR is sysrouted TO one or more of the following:

    UK48630

Modules/Macros

  • DYU0VSPM DYU0VWXL EYU0DVWI EYU0VSPI EYU0VSPL
    EYU0VWXI EYU7VSP7
    

Publications Referenced
GC34699500 SC34700300

Fix information

  • Fixed component name

    CICS TS Z/OS V4

  • Fixed component ID

    5655S9700

Applicable component levels

  • R60M PSY UK48630

       UP09/07/25 P F907

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Modified date:
03 August 2009