A fix is available
APAR status
Closed as program error.
Error description
When establishing Secure Sockets Layer (SSL) connection between Tivoli Storage manager and client with "SSLFIPSMODE YES", dsmerror.log reports following errors. ANS1579E GSKit function gsk_secure_soc_init failed with 415: GSK_ERROR_BAD_PEER ANS9020E Could not establish a session with a TSM server or client agent. The TSM return code is -362. ANS1592E Failed to initialize SSL protocol. Unable to establish session with server. Following errors are generated on the server: ANR8583E An SSL socket initialization error occurred on session 1. The GSKit return code is 420. ANR8581E An SSL read error occurred on session 1. The GSKit return code is 406. There is a client APAR IC92002 for the same issue. Versions affected: Tivoli Storage Manager server 6.3.3 and above on all platforms. Additional Keywords SSL gskit api call Additional L2 info: Client service trace: : commtcp.cpp (1623): TcpOpen: Trying to connect to server at: : commtcp.cpp (1624): Domain Name: x.x.x.x : commtcp.cpp (1626): Port #: xxxx : commtcp.cpp (1651): TcpOpen: using blocking sockets : pscomtcp.cpp (1178): Attempt connection results, rc = 0. : pscomtcp.cpp (1194): psTcpConnect(): Attempt socket 1260 (IPv4) connection -> rc=0, errno=22013-01-07 12:10:14.604 : commtcp.cpp (1789): TcpOpen(): Looks like an SSL session. Initializing SSL socket... : gskit.cpp ( 259): GSKit::GSKit(): Entering : psskit.cpp ( 236): GSKit::psLoadFunctions(): Loading functions from path 'C:\Program Files\ibm\gsk8\lib64'... : psskit.cpp ( 284): GSKit::psLoadFunctions(): All functions have been successfully loaded : gskit.cpp ( 989): key database name is 'C:\Program Files\Tivoli\TSM\baclient\dsmcert.kdb' : gskit.cpp ( 371): GSKit::GSKit(): FIPS mode is ON : gskit.cpp ( 413): GSKit::GSKit(): setting TLS12 cipher specs 'TLS_RSA_WITH_AES_256_CBC_SHA' : gskit.cpp ( 500): GSKit::GSKit(): GSKit version: 8.0.14.14 : gskit.cpp (1042): setError(): gsk_secure_soc_init returned 415: 'GSK_ERROR_BAD_PEER' Initial Impact: Medium
Local fix
Set "SSLFIPSMODE NO" in dsmserv.opt, and restart the server.
Problem summary
**************************************************************** * USERS AFFECTED: All Tivoli Storage Manager server users. * **************************************************************** * PROBLEM DESCRIPTION: See error description. * **************************************************************** * RECOMMENDATION: * **************************************************************** *
Problem conclusion
This problem was fixed. Affected platforms: AIX, HP-UX, Solaris, Linux, and Windows. Recommendation: Apply fixing level when available. This problem is currently projected to be fixed in level 6.3.5. Note that this is subject to change at the discretion of IBM.
Temporary fix
Comments
APAR Information
APAR number
IC92000
Reported component name
TSM SERVER
Reported component ID
5698ISMSV
Reported release
63A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-04-30
Closed date
2013-06-20
Last modified date
2013-06-21
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TSM SERVER
Fixed component ID
5698ISMSV
Applicable component levels
R63A PSY
UP
R63H PSY
UP
R63L PSY
UP
R63S PSY
UP
R63W PSY
UP
R63Z PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"63A","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
21 June 2013