WINDOW SCALING ERRORS DEGRADE SECURE CONNECTION THROUGHPUT
APAR Identifier ...... PK84255 Last Changed ........ 09/08/24 WINDOW SCALING ERRORS DEGRADE SECURE CONNECTION THROUGHPUT Symptom ...... PR PERFORMANCE Status ........... CLOSED PER Severity ................... 4 Date Closed ......... 09/04/16 Component .......... 5735FAL00 Duplicate of ........ Reported Release ......... 530 Fixed Release ............ 999 Component Name TCP/IP V2 FOR V Special Notice Current Target Date .. Flags SCP ................... Platform ............ Status Detail: SHIPMENT - Packaged solution is available for shipment. PE PTF List: PTF List: Release 530 : UK45879 available 09/04/21 (0902 ) Release 540 : UK45880 available 09/04/21 (0902 ) Parent APAR: Child APAR list: ERROR DESCRIPTION: When a secure file transfer (FTP) of a large file is performed, the time required for such a transfer is significantly greater than for a nonsecure transfer of that same file. CPU utilization and DASD I/O have been determined to not be factors in causing this discrepency. Investigation of this problem has shown that the observed performance degredataion occurs due to the manner in which the TCP/IP server uses and manages data buffers, as data is processed for the virtual machines involved in the data transfer (the FTP and SSL servers, in this instance). LOCAL FIX: None. PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All z/VM TCP/IP SSL users that negotiate TLS * * security * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** Performance is degraded for large data transfers that flow through the z/VM SSL server when TLS security is negotiated. In some cases, the degradation can be significant. PROBLEM CONCLUSION: When TLS security is negotiated, the original non-secure connection is broken into multiple connections with the SSL server in the middle. The internal connection that is established between the SSL server and the client/server incorrectly reset the window scale for one side of the connection. This mismatch caused the window size to be miscalculated causing retransmissions and time delays. The window scale factors have been updated so that they match on both sides of the internal connection. Data IS NO LONGER RETRANSMITTED CONSISTENTLY FOR LARGE DATA transfers. TEMPORARY FIX: COMMENTS: MODULES/MACROS: TCPIP TCPSSL SRLS: NONE RTN CODES: CIRCUMVENTION: MESSAGE TO SUBMITTER: