A fix is available
APAR status
Closed as new function.
Error description
Need TLS V1.2 support Additional Symptoms / Keywords: DFHSO0002 A severe error (code X'080C') has occurred in module DFHSOSE Above message may be experienced when CICS's DFHSIT parameter (ENCRYPTION) is coded to either ENCRYPTION=ALL or ENCRYPTION=TLS12FIPS
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of z/OS Cryptographic Services System * * Secure Sockets Layer (SSL). * **************************************************************** * PROBLEM DESCRIPTION: This APAR adds support to z/OS * * System SSL for the TLS V1.2 protocol. * * The TLS V1.2 protocol is defined in * * RFC 5246 and includes updates to * * previous versions of the Transport * * Layer Security (TLS) Protocol. This * * support enables applications to use * * SHA-256 and SHA-384 hashing algorithms * * during SSL handshake operations. * * This support also has added new * * cipher suites, which use the AES-GCM * * (Galois Counter Mode) encryption * * algorithms that can be used by * * applications. * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** New function support has been added to System SSL in z/OS V1R13 for TLS V1.2. The TLS V1.2 protocol is defined in RFC 5246 and includes updates to previous versions of the Transport Layer Security (TLS) Protocol.
Problem conclusion
Temporary fix
Comments
z/OS System SSL in z/OS V1R13 has been updated to support the TLS V1.2 protocol as defined in RFC 5246. If using sysplex session ID caching, the PTFs for conditioning APAR OA37102 must be installed prior to exploiting the new TLS V1.2 functionality provided in this APAR. If these PTFs are not installed on the back level releases and TLS V1.2 session IDs are present in the cache, the TLS V1.2 resumed session on the back level release will fail with a return code of 411 (although other return codes are possible). For installations running on a z196 or z114 processor with CEX3C installed, to ensure proper ECC processing, the CEX3C level needs to be at least CCA Release level 4.2.7z driver 93G and MCL Bundle 31b containing - N48132.006. For installations running on a z12EC processor with CEX3C installed, the fix is already present in the CCA Release level 4.3 and later drivers. Please refer to the "z/OS Cryptographic Services System Secure Sockets Layer Programming" manual (SC24-5901-11) for information about using the TLS V1.2 protocol with z/OS System SSL. The manual is available on the web in the z/OS Information Center and in the Cryptographic Services bookshelf at URL: http://www.ibm.com/systems/z/os/zos/bkserv/ Navigate to the z/OS V1R13.0 manuals. This APAR support was provided through internal features 4063, 4299, and 4370 and internal defects 4397 and 4403.
APAR Information
APAR number
OA39422
Reported component name
SYSTEM SSL
Reported component ID
565506805
Reported release
3D0
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2012-04-23
Closed date
2012-10-09
Last modified date
2016-12-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA66870 UA66871 UA66872
Modules/Macros
GSKAH002 GSKAH007 GSKAH010 GSKAH039 GSKAM003 GSKCMS31 GSKCMS64 GSKC31 GSKC31F GSKC64 GSKC64F GSKHP001 GSKHP002 GSKJM003 GSKKYMAN GSKSRVR GSKSSL GSKSSL64 GSKS31 GSKS31F GSKS64 GSKS64F
SC245901XX |
Fix information
Fixed component name
SYSTEM SSL
Fixed component ID
565506805
Applicable component levels
R3DJ PSY UA66871
UP12/10/28 P F210
R3D0 PSY UA66870
UP12/10/28 P F210
R3D1 PSY UA66872
UP12/10/28 P F210
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3D0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3D0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
08 December 2016