PH52131: CSQX207E CSQXRESP INVALID DATA RECEIVED / CSQX504E CSQXRESP LOCAL PROTOCOL ERROR, CHANNEL TYPE=0000000B DATA=00000000

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• A client is trying to communicate to MQ using SSL/TLS security
  but is receiving the following messages:
  
  CSQX053E cpf CSQXFFST Error information recorded in CSQSNAP
  data set
  CSQX207E cpf CSQXRESP Invalid data received,
           connection xxxxxx (ip address)
           (queue manager ????)
           TRPTYPE=TCP
  CSQX504E cpf CSQXRESP Local protocol error,
           channel
           type=0000000B data=00000000
  
  MQ parses incoming SSL/TLS client hellos in ccxGetConvType to
  extract details about the protocols and ciphers being proposed
  by the client. The problem in this instance is the
  supported_versions TLS extension. In the customer client hello,
  the extension contains 3 supported versions - TLS1.2 (0x0303),
  TLS1.1 (0x0302) and TLS1.0 (0x0301). MQ for z/OS doesn't
  support TLS1.1, and the supported version parsing code in
  ccxGetConvType doesn't handle it, and instead treats it as an
  invalid version.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of IBM MQ for z/OS Version 9       *
  *                 Release 2 Modification 0 and                 *
  *                 Release 3 Modification 0.                    *
  ****************************************************************
  * PROBLEM DESCRIPTION: Error messages CSQX053E:                *
  *                      CSQX053E:                               *
  *                       'CSQXFFST Error information recorded   *
  *                        in CSQSNAP data set',                 *
  *                      CSQX207E:                               *
  *                       'CSQXRESP Invalid data received'       *
  *                      and                                     *
  *                      CSQX504E:                               *
  *                       'CSQXRESP Local protocol error'        *
  *                      are issued when a TLS client includes   *
  *                      TLS1.1 in the SupportedProtocols        *
  *                      extension of the ClientHello.           *
  ****************************************************************
  During the initial TLS handshake between a client and the
  channel initiator, the client provided a SupportedProtocols
  extension containing several proposed Protocol levels, including
  TLS 1.1, in the ClientHello
  The channel initiator processed the extension, and incorrectly
  determined that the extension was invalid because MQ does not
  support TLS 1.1.
  

Problem conclusion

• ClientHello processing will now correctly handle a
  SupportedProtocols extension containing TLS 1.1 as a proposed
  Protocol.
  Subsequent processing will correctly cause the TLS handshake to
  fail unless a valid support Protocol was also proposed.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI93241 UI93242

Modules/Macros

• CSQXCCCX
  

Fix information

• Fixed component name

  IBM MQ Z/OS V9

• Fixed component ID

  5655MQ900

Applicable component levels

• R200 PSY UI93242

     UP23/10/10 P F310

• R300 PSY UI93241

     UP23/10/10 P F310

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.