IBM Support

PH08677: CICS: LIBERTY SERVER.XML ORDERING OF THE ENABLEDCIPHERS LIST IN SSL ELEMENT

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • After upgrading to CICS TS 5.5, the server.xml file is getting
    rebuilt by CICS.  In particular, for the ssl element the
    enabledciphers are listed in an order that is not preferred.
    The ciphers ended up in an unordered map before being written
    to the server.xml file.
    .
    .
    .
    Additional Symptom(s) Search Keyword(s): KIXREVCTC
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS Users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: The ciphers in the SSL cipher suite     *
    *                      specification file specified in the     *
    *                      WUI TCPIPSSLCIPHERS parameter are not   *
    *                      added to server.xml in the same order.  *
    ****************************************************************
    When starting up a CMCI Liberty server in a WUI region, CICS
    will configure SSL enabledCiphers attribute from WUI server
    initialization parameter TCPIPSSLCIPHERS.
    The ciphers are not added to server.xml in the same order.
    

Problem conclusion

  • CICS has been changed to add the ciphers in the specified
    ciphers file to the server.xml with the same order.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH08677

  • Reported component name

    CICS TS Z/OS V5

  • Reported component ID

    5655Y0400

  • Reported release

    200

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-02-18

  • Closed date

    2019-04-18

  • Last modified date

    2019-05-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • DFJ@H350
    

Fix information

  • Fixed component name

    CICS TS Z/OS V5

  • Fixed component ID

    5655Y0400

Applicable component levels

  • R200 PSY UI62568

       UP19/04/24 P F904

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
02 May 2019