SSL SOCKET MAY PREMATURELY CLOSE AT END OF SESSION
APAR Identifier ...... PI81678 Last Changed ........ 17/12/11
SSL SOCKET MAY PREMATURELY CLOSE AT END OF SESSION
Symptom ...... IN INCORROUT Status ........... CLOSED PER
Severity ................... 4 Date Closed ......... 17/06/30
Component .......... 5735FAL00 Duplicate of ........
Reported Release ......... 640 Fixed Release ............ 999
Component Name TCP/IP FOR Z/VM Special Notice
Current Target Date .. Flags
SCP ...................
Platform ............
Status Detail: SHIPMENT - Packaged solution is available for
shipment.
PE PTF List:
PTF List:
Release 640 : UI48493 available 17/06/30 (1702 )
Parent APAR:
Child APAR list:
ERROR DESCRIPTION:
A secure client that uses the z/VM SSL server to communicate
with an external secure server (such as HTTPS) may experience
a loss of data when the secure socket is closed by the server.
This is due to the fact that the z/VM SSL server may close the
client socket before all of the data has been delivered.
LOCAL FIX:
PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All users of TCP/IP writing their own C or *
* IUCV secure Clients/Servers. *
****************************************************************
* PROBLEM DESCRIPTION: *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
When a client/server issues a Shutdown on a secure socket after
sending all of it's data, the SSL server may send out a
close_notify indication to the other side before all of the
data has been delivered.
PROBLEM CONCLUSION:
The SSL server and the TCP/IP stack have both been modified to
fix this problem.
The h_wrt_clean and h_rdr_sslio routines in part SSLDPUMP C
of the SSL Server have been updated to send out all data that
had been received before the socket was shutdown prior to
sending a close_notify indication.
The TCP/IP stack has been updated to only reflect a
close_notify indication on a read when there is no more
data to receive.
TEMPORARY FIX:
COMMENTS:
**** AE17/06/27 FIX IN ERROR. SEE APAR PI83672 FOR DESCRIPTION
MODULES/MACROS:
FPTCPREQ F6TCPREQ SSLADMIO SSLADMNP SSLCACHE SSLCIPHS SSLCTLIO
SSLDPUMP SSLDSPTC SSLGSKCF SSLMNTOR SSLPARGS SSLREPRT SSLSCBEX
SSLSTART SSLTOOLS SSLTRACE SSLTRSIT TCPREQU T6PREQU
SRLS:
NONE
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER: