A fix is available
APAR status
Closed as program error.
Error description
After applying UI92545 (CICS 5.6) or UI92546 (CICS 6.1) message DFHSO0002 A severe error (code X'080C') has occurred in module DFHSOSE may be issued. The accompanying DFHSO0123 message will contain one of the following return codes: 12 - This is caused by the CICS certificate private key being secured in the PKDS using the RSA master key instead of the ECC master key. 455 - This is caused by ICSF being unavailable. 466 - This is caused by running on z/OS 2.3 where the GSK_TLS_SIG_ALG_PAIRS environment variable doesn't exist.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users with APAR PH53611 applied * **************************************************************** * PROBLEM DESCRIPTION: DFHSO0123 function * * gsk_secure_socket_init error received * * containing one of the following return * * codes: * * * * 12 - CICS certificate private key * * being secured in the PKDS using * * the RSA master key instead of * * the ECC master key. * * * * 455 - ICSF is not active * * * * 466 - GSK_TLS_SIG_ALG_PAIRS * * environment variable is not * * supported in z/OS 2.3 * **************************************************************** CICS calls a web service to a remote server using the SSL protocol and attempts to open a connection and establish a handshake using one of the new algorithms (0804, 0805, and 0806) The handshake will fail if you are running with z/OS 2.3, ICSF is not active or the private key is secured in the PKDS using RSA instead of ECC master key.
Problem conclusion
UI92545 UI93696 We have removed the code which set the GSK_TLS_SIG_ALG_PAIRS. If CICS users want to use the additional algorithms (0804, 0805, and 0806) they will need to manually set the GSK_TLS_SIG_ALG_PAIRS value. You can change the default values that are used by CICS in either of the following ways: 1. Update CELQDOPT in the CEEPRMxx parmlib member to add an ENVAR statement that sets the required variable. This affects all 64-bit applications that use System SSL services, not just CICS applications. For detailed instructions, see "Creating system-level runtime options and keyword defaults with CEEPRMxx" in z/OS documentation. 2. Add a CEEOPTS DD statement to the CICS JCL. CEEOPTS needs to reference a data set or member that contains an ENVAR statement. This affects System SSL and JVM servers within CICS. ENVAR("GSK_TLS_SIG_ALG_PAIRS=06010603050105030401040304 02030103030302020102030202080608050804")
Temporary fix
Comments
APAR Information
APAR number
PH59545
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
300
Status
CLOSED PER
PE
YesPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-02-01
Closed date
2024-03-27
Last modified date
2024-05-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI96262
Modules/Macros
DFHLEPTS DFHMESOC DFHMESOE DFHMESOK DFHSOAD DFHSOCK DFHSODM DFHSODS DFHSODUF DFHSOGH@ DFHSOHN DFHSOIS DFHSOL DFHSOLI DFHSOLS DFHSOLX DFHSOLX6 DFHSOM01 DFHSOM02 DFHSOM03 DFHSONT DFHSOPL DFHSORD DFHSORL DFHSORM DFHSOS00 DFHSOS01 DFHSOS02 DFHSOS03 DFHSOS04 DFHSOS05 DFHSOS06 DFHSOS07 DFHSOS08 DFHSOS09 DFHSOS10 DFHSOS11 DFHSOS12 DFHSOS13 DFHSOS14 DFHSOS15 DFHSOS16 DFHSOS17 DFHSOS18 DFHSOS19 DFHSOS20 DFHSOS21 DFHSOS22 DFHSOS23 DFHSOSE DFHSOSES DFHSOSK DFHSOSM DFHSOST DFHSOTB DFHSOTI DFHSOTRI DFHSOUE DFHSOXM
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R300 PSY UI96262
UP24/05/01 P F404 {
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.6","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
Document Information
Modified date:
02 May 2024