IBM Support

PH28123: ARSYSPIN HIGH CPU

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • ARSYSPIN high CPU in system SSL module GSKC64F.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All Content Manager OnDemand for z/OS 10.1   *
*                 and above.                                   *
****************************************************************
* PROBLEM DESCRIPTION: 1.Excessive CPU noticed when running    *
*                      arsload in a non-SSL environment.  A    *
*                      performance monitor will show CPU being *
*                      consumed in module GSKC64F.  GSKC64F    *
*                      is a DLL for z/OS Cryptographic         *
*                      Services System SSL.                    *
*                                                              *
*                      2.By default, CMOD enables SSLv2 and    *
*                      SSLv3 which are obsolete, and does not  *
*                      enable TLS 1.2, which is not obsolete.  *
****************************************************************
1. During module startup, ARGGSKOD was making a call to
gsk_fips_state_set to enable FIPS mode for SSL.  Enabling FIPS
mode can consume a lot of CPU while SSL performs various
validity checks.  If not intending to use SSL, the CPU
consumption is wasted.

2. As CMOD is shipped and with the default System SSL settings,
SSLv2 and SSLv3 were enabled and had to be disabled via SSL
environment variables.  As shipped, TLS 1.2 was not enabled and
had to be enabled via SSL environment variables.

    



Problem conclusion


    

  • 1. ARGGSKOD is changed to call gsk_status gsk_fips_state_set
only when an SSL connection is being attempted.

2. ARGGSKOD is changed to explicitly disable SSLv2 and SSLv3,
and explicitly enable TLS 1.2.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH28123
    • 

  • Reported component name
    CM OD Z/OS, OD/
    • 

  • Reported component ID
    5655H3900
    • 

  • Reported release
    A10
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-08-03
    • 

  • Closed date
    2020-08-19
    • 

  • Last modified date
    2020-09-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI71132 UI71133
    

    • 



Modules/Macros


    

  • ARGGSKOD ARNGSKOD

    



Fix information


    

  • Fixed component name
    CM OD Z/OS, OD/
    • 

  • Fixed component ID
    5655H3900
    • 



Applicable component levels


    

  • RA10  PSY  UI71132
       UP20/08/20  P  F008
    • 

  • RA50  PSY  UI71133
       UP20/08/20  P  F008
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSQHWE","label":"Content Manager OnDemand for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A10","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 September 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback