A fix is available
APAR status
Closed as program error.
Error description
Customer's external partner requires CICS to use SHA-256 with RSASSA-PSS and SHA-512 with RSASSA-PSS Signature algorithms We need to change CICS to set the GSK_TLS_SIG_ALG_PAIRS environment variable to include the 0804, 0805 and 0806 algorithms.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users * **************************************************************** * PROBLEM DESCRIPTION: DFHSO0123 with insert * * GSK_ERR_CERT_VALIDATION, * * indicating a partner certificate error. * **************************************************************** CICS calls a web service to a remote server using the SSL protocol and attempts to open a connection and establish a handshake. The handshake fails because the signature algorithm from the client certificate is not in the signature algorithms pairs list. This leads to the error message DFHSO0123 GSK_ERR_CERT_VALIDATION, indicating a partner certificate error.
Problem conclusion
We have updated DFHSOSE to explicitly set GSK_TLS_SIG_ALG_PAIRS to add in the additional algorithms (0804, 0805, and 0806).
Temporary fix
Comments
×**** PE23/12/22 FIX IN ERROR. SEE APAR PH58916 FOR DESCRIPTION
APAR Information
APAR number
PH54464
Reported component name
CICS TS Z/OS V6
Reported component ID
5655YA100
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-05-11
Closed date
2023-06-29
Last modified date
2024-03-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI92546
Modules/Macros
DFHSOSK
Fix information
Fixed component name
CICS TS Z/OS V6
Fixed component ID
5655YA100
Applicable component levels
R400 PSY UI92546
UP23/06/30 P F306
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
Document Information
Modified date:
04 April 2024