APAR status
Closed as program error.
Error description
MQ client SSL/TLS connection ends unexpectedly. . The AMQError logs for the queue manager report: . AMQ9620E: Internal error on call to SSL function on channel 'TEST.CHANNEL' to host 'hostname' (xx.xx.xx.x)'. . EXPLANATION: An error indicating a software problem was returned from a function which is used to provide SSL or TLS support. The error code returned was '5'. The function call was 'gsk_secure_soc_read'. . The channel is 'TEST.CHANNEL'; in some cases its name cannot be determined and so is shown as '????'. The channel did not start. . The remote host name is 'hostname(xx.xx.xx.x)'. This error is seen after applying the fix for APAR IT23436, which describes the same problem.
Local fix
Turn off SSL key resets: ie set SSLRKEYC(0) Setting SSLRKEYC(0) may expose some cypherspec's keys to being compromised this should be used with caution.
Problem summary
**************************************************************** USERS AFFECTED: MQ versions 8.0.0.10+ or 9.0.0.4+ with MCA channels between LINUX/UNIX and z/OS -based queue managers using SSL with IT23436 applied Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: A coding error in the fix for IT23436 allowed a very small timing window to exist where a channel connection may end unexpectedly during the handling of a co-incident SSL Key reset packet and an EWOULDBLOCK event on the TCP socket. The problem would occur specifically during setting of the errno while handling the SSL Key reset packet .
Problem conclusion
The coding error has been corrected to appropriately set the errno value. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v8.0 8.0.0.13 v9.0 LTS 9.0.0.8 v9.1 CD 9.1.3 v9.1 LTS 9.1.0.3 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT28621
Reported component name
IBM MQ BASE M/P
Reported component ID
5724H7261
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-03-31
Closed date
2019-07-04
Last modified date
2019-07-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM MQ BASE M/P
Fixed component ID
5724H7261
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
04 July 2019