A fix is available
APAR status
Closed as new function.
Error description
Addresses WUI TCPIPSSL Configuration options
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICSPlex SM Users. * **************************************************************** * PROBLEM DESCRIPTION: CICSPlex SM WUI region SSL/TLS * * configuration does not exploit * * AT-TLS aware features of CICS. * **************************************************************** * RECOMMENDATION: The PTFs addressing this APAR should be * * applied to all WUI regions. This can be * * done in any order. * * * * It is recommended that TCPIPSSL(ATTLSBASIC) * * configuration value is replaced with * * TCPIPSSL(ATTLSAWARE) after application. * **************************************************************** The CPSM WUI configuration value TCPIPSSL does not accept the ATTLSAWARE value. As such the configuration does not fully exploit the configuration validation for AT-TLS, allowing potentially incorrect configuration of the WUI region. TCPIPService(EYUWUI) is configured based on the EYUWUI parameters. Currently with TCPIPSSL(ATTLSBASIC), TCPIPS(EYUWUI) is defined with SSL(NO), as such non-HTTPS requests are not detected. This also results in the configuration value not aligning with the existing ATTLSAWARE values, as TCPIPSSL currently uses the ATTLSBASIC value for this purpose.
Problem conclusion
TCPIPSSL(ATTLSAWARE) has been added for WUI configuration, and will be the recommended option for AT-TLS configurations for TCPIPSSL going forward. TCPIPSSL(ATTLSBASIC) behaviour has been altered to alias TCPIPSSL(ATTLSAWARE). This provides ATTLSAWARE features to be supported with the WUI. With these values set the WUI defined/configured service TCPIPService(EYUWUI) is configured as SSL(ATTLSAWARE), with the requirements described by the TCPIPService ATTLSAWARE function. Documentation relating to the TCPIPSSL applicable values will be updated to detail the new ATTLSAWARE value, and the recommendation of use over ATTLSBASIC.
Temporary fix
Comments
APAR Information
APAR number
PH60557
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
20M
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2024-03-26
Closed date
2024-04-10
Last modified date
2024-05-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PH60558 UI96443 UI96444 UI96445 UI96446
Modules/Macros
DFJ@H350 DFJ@H571 EYU0DVWI EYU0VCTE EYU0VCTI EYU0VCTL EYU0VCTR EYU0VCTS EYU0VCTT EYU0VCTU EYU0VCTV EYU0VCTW EYU0VCTX EYU0VCTY EYU0VCTZ EYU0VSPI EYU0VSPL EYU0VSPT EYU0VWRC EYU0VWRE EYU0VWRN EYU0VWRP EYU0VWRR EYU0VWRS EYU0VWXI EYU0VWXP EYU0VWXT EYUEVCTL
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R200 PSY UI96445
UP24/04/13 P F404
R20M PSY UI96446
UP24/04/13 P F404
R300 PSY UI96443
UP24/05/01 P F404
R30M PSY UI96444
UP24/04/16 P F404
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
Document Information
Modified date:
02 May 2024