IBM: TCP/IP for VM

ADDRESSING EXCEPTION LOOP DURING HANDSHAKE FAILURE

 
 APAR Identifier ...... PH00032      Last Changed ........ 18/09/04            
 ADDRESSING EXCEPTION LOOP DURING HANDSHAKE FAILURE                            
                                                                               
 Symptom ...... LP LOOP              Status ........... CLOSED  PER            
 Severity ................... 4      Date Closed ......... 18/07/19            
 Component .......... 5735FAL00      Duplicate of ........                     
 Reported Release ......... 710      Fixed Release ............ 999            
 Component Name TCP/IP FOR Z/VM      Special Notice                            
 Current Target Date ..              Flags                                     
 SCP ...................                                                       
 Platform ............                                                         
                                                                               
 Status Detail: SHIPMENT - Packaged solution is available for                  
                           shipment.                                           
                                                                               
 PE PTF List:                                                                  
                                                                               
 PTF List:                                                                     
 Release 710   : UI57373 available 18/07/23 (1801 )                            
                                                                               
 Parent APAR:                                                                  
 Child APAR list:                                                              
                                                                               
 ERROR DESCRIPTION:                                                            
 A TCP/IP addressing exception loop can occur when a secure                    
 handshake fails due to no longer having an associated SSL server              
 with a connection.  This can occur when some type of event                    
 forces a client to be 'killed' before the SSL handshake                       
 completes.                                                                    
                                                                               
 LOCAL FIX:                                                                    
                                                                               
 PROBLEM SUMMARY:                                                              
 ****************************************************************              
 * USERS AFFECTED: All z/VM TCP/IP users that secure            *              
 *                 connections through the z/VM TLS/SSL server. *              
 ****************************************************************              
 * PROBLEM DESCRIPTION:                                         *              
 ****************************************************************              
 * RECOMMENDATION: APPLY PTF                                    *              
 ****************************************************************              
 z/VM TCP/IP was updated to keep track of outstanding handshake                
 requests via a list that is chained off of an SSL server.                     
 Elements get put on the list when a handshake is initiated and                
 pulled off when the handshake completes successfully or when                  
 there is a handshake failure.                                                 
                                                                               
 An addressing loop is encountered in TCP/IP when a handshake                  
 fails because there is no SSL server associated with a                        
 connection.                                                                   
                                                                               
 PROBLEM CONCLUSION:                                                           
 The SslIPQRemove routine in TCPSSL has been updated to test                   
 the SSL server element that gets passed in.  If the pointer                   
 is nil, control is returned to the caller immediately.                        
                                                                               
 TEMPORARY FIX:                                                                
                                                                               
 COMMENTS:                                                                     
                                                                               
 MODULES/MACROS:                                                               
 TCPREQU  TCPSSL                                                               
                                                                               
 SRLS:                                                                         
 NONE                                                                          
                                                                               
 RTN CODES:                                                                    
                                                                               
 CIRCUMVENTION:                                                                
                                                                               
 MESSAGE TO SUBMITTER: