PEPK97438 SSL SESSIONS NOT CLOSED DUE TO UNEXPECTED DATA
APAR Identifier ...... PM40046
Last Changed ........ 11/12/20
Symptom ...... IN INCORROUT
Status ........... CLOSED PER
Severity ................... 3
Date Closed ......... 11/06/20
Component .......... 5735FAL00
Duplicate of ........
Reported Release ......... 540
Fixed Release ............ 999
Component Name TCP/IP V2 FOR V
Special Notice
Current Target Date ..11/08/20
Flags
SCP ...................
Platform ............

Status Detail: SHIPMENT - Packaged solution is available for shipment.

PE PTF List:

PTF List:
Release 540 : UK68939 available 11/06/20 (1102 )
Release 610 : UK68940 available 11/06/20 (1102 )

Parent APAR:
Child APAR list:

ERROR DESCRIPTION:
After use of a LOGOFF command within a secured Telnet session, the subject client emulator session is seen to hang. When this situation occurs, the SSL server likely reports the following error:

    DTCSSL107E Internal error: unexpected data (8 bytes: "xxxxxxxx") from SSL socket read while shutdown: expected "CONN CLOSED"

The reported data (xxxxxxxx) can vary, but is most often similar to "'3&"3& " (where some data cannot be displayed).

A comparison of NETSTAT CONN results (acquired when the connection is established, then after the LOGOFF command has been processed) shows the (Telnet) SSL server-to-application connection as closed, while the SSL server-to-client (emulator host) connection remains in place.

LOCAL FIX:
None.

PROBLEM SUMMARY:

USERS AFFECTED: Users of some 3270 Emulator products, namely those that fail to cleanly shut down the SSL session when shutdown is initiated from the server side of a secure connection.

PROBLEM DESCRIPTION: When a user types 'LOGOFF' in the terminal emulator during an SSL telnet session, and the Telnet server terminates the connection, the SSL server tries to shutdown the SSL session, waits for the client to acknowledge the SSL shutdown, and then terminates the TCP session. If the terminal emulator fails to acknowledge the SSL shutdown, the TCP session between the emulator and the VM SSL server remains active, and appears "hung" to the user. The user sees the last text sent by the Telnet server (which happens to be "Press ENTER or any key to continue") on the screen, but there is no reaction to key presses. At this point, a "Disconnect" operation in the emulator will clean up this condition.

RECOMMENDATION: APPLY PTF

The SSL server fails to terminate sessions with 3270 emulators which fail to acknowledge the SSL shutdown request.

PROBLEM CONCLUSION:
This APAR is a PE of PK97438. The SSL server code was changed in such a way that if the local application (Telnet server) closes the connection, shutdown of the SSL session is performed immediately, without waiting for the remote party to acknowledge the shutdown. The TCP session then is closed immediately as well. For the described problem, these changes make the connection close behavior of the SSL server comparable with that of prior levels of the server.

TEMPORARY FIX:

COMMENTS:

MODULES/MACROS: SSLGSKCF SSLSERV

SRLS: NONE

RTN CODES:

CIRCUMVENTION:
Disconnecting the session in the terminal emulator (e.g. pressing a "Disconnect" button) should return the emulator and connections to their proper state.

MESSAGE TO SUBMITTER:
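
The close behaviour described under PROBLEM DESCRIPTION and PROBLEM CONCLUSION, modelled as an added example (this is not IBM's SSL server code): a server-side close that either closes immediately or waits for the peer's acknowledgement for a bounded time, so a peer that stays silent or sends stray data cannot keep the connection open. A plain socket pair stands in for the SSL connection; `CLOSE_NOTIFY`, `close_session`, `simulate` and the client replies are constructed for illustration.

```python
import socket

# Constructed stand-in for a close_notify alert (real TLS sends it encrypted).
CLOSE_NOTIFY = b"\x15\x03\x03\x00\x02\x01\x00"

def close_session(sock, wait_for_peer, timeout=0.2):
    """Close the client-facing side after the local application has closed.

    wait_for_peer=False models the behaviour the APAR describes as the fix;
    wait_for_peer=True waits for the acknowledgement, but only up to `timeout`.
    The socket is closed on every path.
    """
    try:
        sock.sendall(CLOSE_NOTIFY)            # our half of the shutdown
        if not wait_for_peer:
            return "closed-immediately"
        sock.settimeout(timeout)              # never wait indefinitely
        try:
            data = sock.recv(64)
        except socket.timeout:
            return "timed-out"                # peer never answered
        if data == CLOSE_NOTIFY:
            return "peer-acknowledged"
        if data == b"":
            return "peer-closed-tcp"          # TCP close without an alert
        return "unexpected-data"              # e.g. 8 stray bytes from the emulator
    finally:
        sock.close()

def simulate(client_reply, wait_for_peer):
    """Run one close against a constructed client; return (outcome, server_closed)."""
    server, client = socket.socketpair()
    try:
        if client_reply is not None:
            client.sendall(client_reply)      # queued before the server reads
        outcome = close_session(server, wait_for_peer)
        return outcome, server.fileno() == -1
    finally:
        client.close()

if __name__ == "__main__":
    for reply in (CLOSE_NOTIFY, b"12345678", None):   # constructed replies
        print(reply, simulate(reply, wait_for_peer=True))
    print(None, simulate(None, wait_for_peer=False))
```
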