PH60557: WUI TCPIPSSL CONFIGURATION

Obtain the fix for this APAR.

APAR status

• Closed as new function.

Error description

• Addresses WUI TCPIPSSL Configuration options
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICSPlex SM Users.                       *
  ****************************************************************
  * PROBLEM DESCRIPTION: CICSPlex SM WUI region SSL/TLS          *
  *                      configuration does not exploit          *
  *                      AT-TLS aware features of CICS.          *
  ****************************************************************
  * RECOMMENDATION: The PTFs addressing this APAR should be      *
  *                 applied to all WUI regions. This can be      *
  *                 done in any order.                           *
  *                                                              *
  *                 It is recommended that TCPIPSSL(ATTLSBASIC)  *
  *                 configuration value is replaced with         *
  *                 TCPIPSSL(ATTLSAWARE) after application.      *
  ****************************************************************
  The CPSM WUI configuration value TCPIPSSL does not accept
  the ATTLSAWARE value. As such the configuration does not
  fully exploit the configuration validation for AT-TLS, allowing
  potentially incorrect configuration of the WUI region.
  TCPIPService(EYUWUI) is configured based on the EYUWUI
  parameters. Currently with TCPIPSSL(ATTLSBASIC), TCPIPS(EYUWUI)
  is defined with SSL(NO), as such non-HTTPS requests are not
  detected.
  
  This also results in the configuration value not aligning with
  the existing ATTLSAWARE values, as TCPIPSSL currently uses the
  ATTLSBASIC value for this purpose.
  

Problem conclusion

• TCPIPSSL(ATTLSAWARE) has been added for WUI configuration, and
  will be the recommended option for AT-TLS configurations for
  TCPIPSSL going forward. TCPIPSSL(ATTLSBASIC) behaviour has been
  altered to alias TCPIPSSL(ATTLSAWARE). This provides ATTLSAWARE
  features to be supported with the WUI. With these values set the
  WUI defined/configured service TCPIPService(EYUWUI) is
  configured as SSL(ATTLSAWARE), with the requirements described
  by the TCPIPService ATTLSAWARE function.
  
  Documentation relating to the TCPIPSSL applicable values will
  be updated to detail the new ATTLSAWARE value, and the
  recommendation of use over ATTLSBASIC.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  PH60558 UI96443 UI96444 UI96445 UI96446

Modules/Macros

• DFJ@H350 DFJ@H571 EYU0DVWI EYU0VCTE EYU0VCTI EYU0VCTL EYU0VCTR
  EYU0VCTS EYU0VCTT EYU0VCTU EYU0VCTV EYU0VCTW EYU0VCTX EYU0VCTY
  EYU0VCTZ EYU0VSPI EYU0VSPL EYU0VSPT EYU0VWRC EYU0VWRE EYU0VWRN
  EYU0VWRP EYU0VWRR EYU0VWRS EYU0VWXI EYU0VWXP EYU0VWXT EYUEVCTL
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R200 PSY UI96445

     UP24/04/13 P F404  

• R20M PSY UI96446

     UP24/04/13 P F404  

• R300 PSY UI96443

     UP24/05/01 P F404  

• R30M PSY UI96444

     UP24/04/16 P F404  

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.