IBM Support

PH50836: DFHSO0123 RET CODE 448 RECEIVED FROM GSK_SECURE_SOCKET_INIT SSL CALL DURING CICS WEBSERVICE OUTBOUND REQUEST

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The client upgraded from CICS TS 5.4 to 6.1 and found that an
outbound webservice request failed with the following :

DFHSO0123 09/11/2022 11:12:29 ITC1G1OG Return code 448 received
from function gsk_secure_socket_init  of System SSL. Reason:
Server name not recognized.

(return code is GSK_ERR_UNRECOGNIZED_NAME)

The problem happens because the hostname that is sent as part of
the client hello packet contains additional blanks

Additional symptoms: Upgrade2CICS61

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All CICS users.                              *
****************************************************************
* PROBLEM DESCRIPTION: DFHSO0123 with return code 448 after an *
*                      outbound webservice request.            *
****************************************************************
A CICS application makes an outbound HTTP request over a TLS 1.2
connection where the target server has been configured to
require server name indication (SNI) to be used. DFHSOSE copies
the hostname and its length into the client hello message, plus
some extra non-null data. This extra data causes a TLS handshake
to fail with GSK_ERR_UNRECOGNIZED_NAME.

    



Problem conclusion


    

  • DFHSOSE has been changed to only copy the exact hostname and its
length.
FIXCAT: SWPSP/K

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH50836
    • 

  • Reported component name
    CICS TS Z/OS V6
    • 

  • Reported component ID
    5655YA100
    • 

  • Reported release
    400
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    YesHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-11-11
    • 

  • Closed date
    2023-02-14
    • 

  • Last modified date
    2024-04-18
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI90517
    

    • 



Modules/Macros


    

  • DFHSOSE

    



Fix information


    

  • Fixed component name
    CICS TS Z/OS V6
    • 

  • Fixed component ID
    5655YA100
    • 



Applicable component levels


    

  • R400  PSY  UI90517
       UP23/03/01  P  F302  ¢
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            18 April 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback