RECURSIVE ABENDS DURING TCP/IP SHUTDOWN WITH SSL
PRINT SELECTION FOR APAR - PH13366 19/12/11 APAR= PH13366 SER= AB ABEND RECURSIVE ABENDS DURING TCP/IP SHUTDOWN WITH SSL STAT= CLOSED PER FESN0461035- CTID= EN0313 ISEV= 3 SB19/06/13 RC19/06/13 CL19/06/21 PD SEV= 3 PE= TYPE= F RCOMP= 5735FAL00 TCP/IP FOR Z/VM RREL= R710 FCOMP= 5735FAL00 TCP/IP FOR Z/VM PFREL= F999 TREL= T ACTION= SEC/INT= N DUP/ USPTF= UI63805 PDPTF= DUPS 0 DW19/06/13 RT19/06/13 SC FT RE PT UP LP PV AP EN FL LC19/07/03 RU19/07/03 OT CT FR TD TYPE OF SOLUTION= PROJECTED CLOSE CODE= CUST INST LVL/SU= FAILING MODULE= TCPSSL FAILING LVL/SU= 710 SYSROUTE OF: RET APAR= PS= STATUS DETAIL= SHIPMENT RELIEF AVAILABLE= COMP OPER ENV= 710 N N SCP/ F/ TYPE OF SOLUTION= PROJECTED CLOSE CODE= CUST INST LVL/SU= FAILING MODULE= FAILING LVL/SU= SYSROUTE OF: RET APAR= N PS= STATUS DETAIL= N N N N N RELIEF AVAILABLE= COMP OPER ENV= SYSRES= SYSIN= SYSOUT= CPU= RE-IPL= OPTYPE= SPECIAL ACTIVITY= REGRESSION= PRE-SCREEN NO.= RSCP= RS710 ERROR DESCRIPTION: Recursive abends may occur during TCP/IP shutdown when there are outstanding SSL handshake requests in progress. These abends will be logged in the TCP/IP console log. LOCAL FIX: N/A PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All TCP/IP users that secure connections * * through the z/VM SSL server. * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** Shutting down the TCP/IP stack while an SSL handshake is in progress may cause a recursive abend loop in the stack. PROBLEM CONCLUSION: Several different abends were reported within the recursive abend loop. This APAR will address the following problems that were detected: - When an SSL handshake fails with an error other than an internal TCP/IP error, the handshake is attempted on the next available SSL server. During TCP/IP shutdown, all available SSL servers are moved to the Eligible list and therefore no SSL servers are available. The code has been updated to detect this condition and fail the handshake. - The SslSend routine sends data from the TCP/IP stack to the SSL server. It has been updated to check that the control block address that is passed in is not nil. If it is nil, the send fails with a FatalError. - A check was added to make sure that a handshake request is in progress before responding to it. Updates were made to set/reset the handshake in progress flag appropriately. TEMPORARY FIX: COMMENTS: MODULES/MACROS: CMNETST TCNOTIF TCPREQU TCPSSL TCUTIL T6PSSL SRLS: NONE RTN CODES: APPLICABLE COMPONENT LEVEL/SU: R710 PSY UI63805 UP19/07/03 I 1000 CIRCUMVENTION: MESSAGE TO SUBMITTER: