SSL SERVER ENABLEMENT SUPPORT
APAR Identifier ...... PK65850 Last Changed ........ 09/03/24
SSL SERVER ENABLEMENT SUPPORT
Symptom ...... NF NEWFUNCTION Status ........... CLOSED UR1
Severity ................... 4 Date Closed ......... 08/12/04
Component .......... 5735FAL00 Duplicate of ........
Reported Release ......... 540 Fixed Release ............ 999
Component Name TCP/IP V2 FOR V Special Notice ATTENTION
Current Target Date .. Flags
SCP ................... NEW FUNCTION
Platform ............
Status Detail: SHIPMENT - Packaged solution is available for
shipment.
PE PTF List:
PTF List:
Release 540 : UK40952 available 08/12/12 (0901 )
Parent APAR:
Child APAR list:
ERROR DESCRIPTION:
CMS-based SSL server enablement support for z/VM 540.
LOCAL FIX:
Not Applicable.
PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All users of the z/VM SSL server. *
****************************************************************
* PROBLEM DESCRIPTION: *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
PROBLEM CONCLUSION:
TEMPORARY FIX:
COMMENTS:
With this support, TCP/IP for z/VM provides CMS-based SSL
server capabilities, as described in the z/VM version 5 release
4 announcement material and available TCP/IP for z/VM
publications.
See these references (including the updated publications, noted
below) for detailed information about the z/VM 540 SSL server.
Additional information concerning configuration of the z/VM 540
SSL server can be found at this z/VM web site URL:
http://www.vm.ibm.com/related/tcpip/vmsslinf.html
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Important Notes:
----------------
1) The following APARs must also be applied in conjunction with
this APAR:
TCP/IP APARs:
APAR Description
------- --------------------------------------------------
PK73085 TCP/IP Server Updates for SSL Server Support
PK75268 AMPX036I Assertion Closing a Secure x3270 Session
CMS APARs:
APAR Description
------- --------------------------------------------------
VM64569 Performance Improvement for C Sockets on CMS
VM64540 Employ Socket Cancel() Without Reply()
2) After the updates associated with this APAR have been applied
to your system, the following *MANUAL* steps must be complete
a) Logon the TCP/IP z/VM 540 installation and service user
ID (5VMTCP40, or its equivalent).
b) After this user IDs PROFILE EXEC has completed, issue a
VMFSETUP command appropriate for your installation (that
is, use your installation's e PPF override name in place
of 'tcpip' for the VMFSETUP command shown):
vmfsetup 5vmtcp40 tcpip
c) Invoke the LOADBFS command so that the SSLSERV LOADBFS
file is processed. (the provided update of this file
changes the "owner" of the SSLSERV file space to be the
user ID 'GSKADMIN'):
loadbfs sslserv loadbfs
d) Logoff the TCP/IP z/VM 540 installation and service
user ID.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The z/VM 5.4.0 publications (cited below) will be updated in
December 2008, and will be available at this z/VM web site URL:
http://www.vm.ibm.com/library/
The changes summarized below will be incorporated in the
publication updates:
----------------------------------------------------------------
Publication Title: TCP/IP Planning and Customization
Order Number SC24-6125
+ Chapter 1 includes updated information about the use of user
IDs different from the GSKADMIN and SSLSERV user IDs.
+ Chapter 5 includes an updated description about the GSKADMIN
user ID.
+ Chapter 20 includes updated information for initial setup of
the SSL server certificate (key) database, information about
the VMSSL/SSLADMIN DEBUG tracing operand, as well as other
minor additions or corrections.
----------------------------------------------------------------
Publication Title: TCP/IP Messages and Codes
Order Number GC24-6124
+ Chapter 18 includes documentation for these added messages:
DTCSSL103E SSLADMIN communication error: {QueueCreate|
QueueReply|QueueReceiveBlock} error; rc: <rc>
reason: <reason>
DTCSSL2424W Server &1 is in a 'LOGOFF/FORCE pending' state;
No action will be taken against this server
DTCSSL2425W Server &1 is not running disconnected
DTCSSL2426E Server configuration error: Multiple virtual
CPUs are defined
Minor changes for messages DTCSSL050E and DTCSSL209E are also
included.
----------------------------------------------------------------
Publication Title: TCP/IP Diagnosis Guide
Order Number GC24-6123
+ Chapter 14 includes additional information about the TRACE
DEBUG SSL server trace, along with some minor text and
example corrections.
MODULES/MACROS: DTCUME DTCUMEB IBM SSLADMIN SSLSERV
SSLSTFL SSLVMADM SSLVMAIN SSLVMCOM SSLVMDB SSLVMGSK SSLVMMON
SSLXBINT TCPBLP91 VMSSL
SRLS: SC24612505 GC24612404 GC24612304
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER: