SSL SOCKET MAY PREMATURELY CLOSE AT END OF SESSION
APAR Identifier ...... PH01192 Last Changed ........ 18/09/12 SSL SOCKET MAY PREMATURELY CLOSE AT END OF SESSION Symptom ...... IN INCORROUT Status ........... CLOSED PER Severity ................... 3 Date Closed ......... 18/09/06 Component .......... 5735FAL00 Duplicate of ........ Reported Release ......... 640 Fixed Release ............ 999 Component Name TCP/IP FOR Z/VM Special Notice Current Target Date .. Flags SCP ................... Platform ............ Status Detail: SHIPMENT - Packaged solution is available for shipment. PE PTF List: PTF List: Release 640 : UI58351 available 18/09/12 (1000 ) Release 710 : UI58352 available 18/09/12 (1000 ) Parent APAR: Child APAR list: ERROR DESCRIPTION: A secure connection may prematurely close when a client or server follows a close_notify with an immediate RST. LOCAL FIX: N/A PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All users of z/VM TCP/IP * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** When a secure connectionn is closed, a close_notify command is issued to close the secure tunnel. Both sides of the connection issue a close_notify so that they both know when data is flowing in the clear. If a client/server doesn't care about the connection after the close_notify is issued, they may issue an immediate RST before receiving the close_notify from the partner. In this case, the SSL connection to the partner may be closed before all of the data has been delivered. PROBLEM CONCLUSION: The code in TCPUP PASCAL has been modified to check if a RST is being done for one half of an SSL secured connection. If the original connection was in the ESTABLISHED state, the RST is done immediately. If it is not in the ESTABLISHED state, the RST is delayed until all of the data has been delivered. TEMPORARY FIX: COMMENTS: MODULES/MACROS: CMNETST FPIPDOW FPI6DOW FPNOTIF FPQUEUE FPROUND FPSCHED FPSOCKRE FPTCPDOW FPTCPREQ FPTCPUP FPUTIL F6TCPDOW F6TCPREQ F6TCPUP TCACB TCBASTY TCMIB TCMON TCPARSE TCPEQUAT TCPIP TCPRINT TCPSSL TCPUP TCQUEUE TCTCB TCUTIL SRLS: NONE RTN CODES: CIRCUMVENTION: MESSAGE TO SUBMITTER: