Technical Blog Post
Abstract
Getting CSPA011E on a Connect:Direct Secure+ COPY.
Body
Occasionally you may receive CSPA011E or CSPA024E when attempting to do a Secure+ COPY; in particular, a PULL. This occurs when the PNODE has Data Encryption set to NO and the SNODE has it set to YES and the PNODE is pulling the file from the SNODE (if the PNODE is pushing the file, or the Data Encryption settings are reversed or are the same, the error will not occur). The correct settings are when the PNODE and SNODE both have Data Encryption set the same.
Although this behavior is inconsistent, this particular error condition will be corrected in a future release (past Connect:Direct for z/OS 5.2), but will not be corrected in current releases due to the possibility that correcting it could affect or cause issues with production processes currently pushing files.
However, APAR PI69973 (5.2) or PI72215 (5.1) have added an enhancement that makes the Data Encryption setting visible in select stats and tracing. Now the CT stat record will show not only what Secure+ protocol was used, but also the Data Encryption (Encrypt.Data) setting and if a Process Override was used, as in the following:
From a CT stat record:
Session Protocol => TCP
FASP => No
No HSAO license
V2 Buffer Size => 131,072
Negotiated V2 Buffer Size => 65,528
TCP Buffer Size Used => 262,144
Compression Control Feature: OFF
TLS V1.0 Enabled => Yes Encrypt.Data=Y (Process Override)
TLS Ciphersuite => TLS_RSA_WITH_AES_256_CBC_SHA
Subject => (SN=03:f5/C=US/ST=Iowa/L=DesMoines/O=IBM/OU=CDAdmin/CN=cdwin46/EMAIL=ema
Issuer => (C=US/ST=Iowa/L=DesMoines/O=IBM/OU=CDAdmin/CN=cdwin46/EMAIL=email001@bg.
***** CHECKPOINTED; Interval => 10,000,000
UID
ibm11123491