IBM Support

PH54464: CUSTOMER REQUIRES CICS TO USE SHA-256 WITH RSASSA-PSS AND SHA-512 WITH RSASSA-PSS SIGNATURE ALGORITHMS.

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Customer's external partner requires CICS to use SHA-256 with
RSASSA-PSS and SHA-512 with RSASSA-PSS Signature algorithms
We need to change CICS to set the GSK_TLS_SIG_ALG_PAIRS
environment variable to include the 0804, 0805 and 0806
algorithms.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All CICS users                               *
****************************************************************
* PROBLEM DESCRIPTION: DFHSO0123 with insert                   *
*                      GSK_ERR_CERT_VALIDATION,                *
*                      indicating a partner certificate error. *
****************************************************************
CICS calls a web service to a remote server using the SSL
protocol and attempts to open a connection and establish a
handshake. The handshake fails because the signature algorithm
from the client certificate is not in the signature algorithms
pairs list.

This leads to the error message DFHSO0123
GSK_ERR_CERT_VALIDATION, indicating a partner certificate error.

    



Problem conclusion


    

  • We have updated DFHSOSE to explicitly set GSK_TLS_SIG_ALG_PAIRS
to add in the additional algorithms (0804, 0805, and 0806).

    



Temporary fix


    

  • 



Comments


    

  • ×**** PE23/12/22 FIX IN ERROR. SEE APAR PH58916  FOR DESCRIPTION

    



APAR Information




    

  • APAR number
    PH54464
    • 

  • Reported component name
    CICS TS Z/OS V6
    • 

  • Reported component ID
    5655YA100
    • 

  • Reported release
    400
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2023-05-11
    • 

  • Closed date
    2023-06-29
    • 

  • Last modified date
    2024-03-27
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PH53611
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI92546
    

    • 



Modules/Macros


    

  • DFHSOSK

    



Fix information


    

  • Fixed component name
    CICS TS Z/OS V6
    • 

  • Fixed component ID
    5655YA100
    • 



Applicable component levels


    

  • R400  PSY  UI92546
       UP23/06/30  P  F306
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            04 April 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback