A fix is available
APAR status
Closed as program error.
Error description
IBM Explorer for z/OS - zExpl - RSE Server TLS session is not using the expected cipher suite for the client connection The Remote System Explorer (RSE) Daemon is using 2 character cipher suites that are proposed in the rse.env > GSK_V3_CIPHER_SPECS. However, the RSE Server is using a 4 character cipher that cannot be specified in the GSK_V3_CIPHER_SPECS. The negotiation for the RSE Daemon is logged in the RSE Daemon log, and you can see that is correctly selects from the list presented in the GSK_V3_CIPHER_SPECS. For example, in the log you may see this entry: GSK_CONNECT_CIPHER_SPEC=2F (TLS_RSA_WITH_AES_128_CBC_SHA). However, in the RSECOMM log you may see this trace entry: ConnectionEstablisher: SSL/TLS Cipher Suite: SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256 this is a 4 character cipher of C030.
Local fix
none available.
Problem summary
**************************************************************** * USERS AFFECTED: 1. All zOS Explorer users * * 2. All zOS Explorer users * * 3. All zOS Explorer users who has SSL * * enabled * * 4. All zOS Explorer users who has SSL * * enabled * **************************************************************** * PROBLEM DESCRIPTION: 1. Daemon version shown in the log is * * often mixed up with the IDz version * * number. Removed Daemon version:14.0 * * from the Logs to eliminate confusion * * 2. rse.env is missing an undocumented * * environment variable * * 3. Enhancement to support 4 char-id * * ciphers when connecting using SSL * * 4. RSE Server TLS session is not using * * the expected cipher suite for the * * client connection. * **************************************************************** 1. Daemon version shown in the log is often mixed up with the IDz version number. Remove Daemon version:14.0 from the Logs to eliminate confusion 2. rse.env is missing an undocumented environment variable 3. Enhancement to support 4 char-id ciphers when connecting using SSL 4. The Remote System Explorer (RSE) Daemon is using 2 character cipher suites that are proposed in the rse.env > GSK_V3_CIPHER_SPECS. However, the RSE Server is using a 4character cipher that cannot be specified in the GSK_V3_CIPHER_SPECS.
Problem conclusion
1. Host modules have been updated 2. Sample has been updated 3. Host modules have been updated. Note: 4 character ciphers are only supported with JAVA 8 4. Host modules have been updated
Temporary fix
Comments
APAR Information
APAR number
PH02312
Reported component name
EXP FOR Z/OS HO
Reported component ID
5655EXP23
Reported release
310
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-08-29
Closed date
2018-08-29
Last modified date
2018-10-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI58187
Modules/Macros
FEJENF70 FEJJCNFG FEJJJCL FEJJMON FEJTSO FEK1SMPE FEK2RCVE FEK3ALOC FEK4ZFS FEK5MKD FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR FEK@CONE FEK@CONF FEK@CUST FEK@DEB FEK@DESC FEK@FLOW FEK@GEN FEK@GENW FEK@ISPF FEK@IVP FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1 FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX FEKATTR FEKDSI FEKEESX0 FEKFASIZ FEKFATT1 FEKFBLD FEKFCIPH FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6 FEKFCORE FEKFDBGM FEKFDIR FEKFDIR6 FEKFDIVP FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI FEKFENVP FEKFENVR FEKFENVS FEKFEPL FEKFICUL FEKFISPF FEKFIVP0 FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU FEKFJVM FEKFLATR FEKFLDSI FEKFLDSL FEKFLEOP FEKFLOGS FEKFLPTH FEKFMAI6 FEKFMAIN FEKFMINE FEKFMINS FEKFMNTL FEKFNTCE FEKFOMVS FEKFPATT FEKFPRDS FEKFPTC FEKFRIVP FEKFRMSG FEKFRSES FEKFRSRV FEKFSCMD FEKFSEND FEKFSSL FEKFSTUP FEKFT000 FEKFT001 FEKFT002 FEKFT003 FEKFT004 FEKFT005 FEKFT006 FEKFT007 FEKFT008 FEKFT009 FEKFT010 FEKFT011 FEKFTIVP FEKFTRKS FEKFTSO FEKFUTIL FEKFVERS FEKFXITA FEKFXITL FEKFZME FEKFZMF FEKFZOS FEKHCONF FEKHCUST FEKHDEB FEKHDESC FEKHFLOW FEKHGEN FEKHISPF FEKHIVP FEKHIVPD FEKHJESJ FEKHMAIN FEKHMIGO FEKHOPTE FEKHOPTN FEKHPRIM FEKHRSE1 FEKHRSEO FEKHSTRT FEKHTAB1 FEKHTAB2 FEKINIT FEKKEYS FEKLOGR FEKLOGS FEKM00 FEKM01 FEKM02 FEKMKDIR FEKMOUNT FEKMSGC FEKMSGS FEKRACF FEKRSED FEKSAPF FEKSAPPL FEKSBPX FEKSCLAS FEKSCLOG FEKSCMD FEKSCPYM FEKSCPYU FEKSDSN FEKSENV FEKSETUP FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON FEKSLPA FEKSPROG FEKSPTKT FEKSRSED FEKSSERV FEKSSTC FEKSSU FEKSUSER FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT FEKXMAIN FEKXML
Fix information
Fixed component name
EXP FOR Z/OS HO
Fixed component ID
5655EXP23
Applicable component levels
R310 PSY UI58187
UP18/09/26 P F809
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSBDYH","label":"IBM Explorer for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 October 2018