SSL SERVER ENABLEMENT SUPPORT
APAR Identifier ...... PK65850 Last Changed ........ 09/03/24 SSL SERVER ENABLEMENT SUPPORT Symptom ...... NF NEWFUNCTION Status ........... CLOSED UR1 Severity ................... 4 Date Closed ......... 08/12/04 Component .......... 5735FAL00 Duplicate of ........ Reported Release ......... 540 Fixed Release ............ 999 Component Name TCP/IP V2 FOR V Special Notice ATTENTION Current Target Date .. Flags SCP ................... NEW FUNCTION Platform ............ Status Detail: SHIPMENT - Packaged solution is available for shipment. PE PTF List: PTF List: Release 540 : UK40952 available 08/12/12 (0901 ) Parent APAR: Child APAR list: ERROR DESCRIPTION: CMS-based SSL server enablement support for z/VM 540. LOCAL FIX: Not Applicable. PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All users of the z/VM SSL server. * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** PROBLEM CONCLUSION: TEMPORARY FIX: COMMENTS: With this support, TCP/IP for z/VM provides CMS-based SSL server capabilities, as described in the z/VM version 5 release 4 announcement material and available TCP/IP for z/VM publications. See these references (including the updated publications, noted below) for detailed information about the z/VM 540 SSL server. Additional information concerning configuration of the z/VM 540 SSL server can be found at this z/VM web site URL: http://www.vm.ibm.com/related/tcpip/vmsslinf.html ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Important Notes: ---------------- 1) The following APARs must also be applied in conjunction with this APAR: TCP/IP APARs: APAR Description ------- -------------------------------------------------- PK73085 TCP/IP Server Updates for SSL Server Support PK75268 AMPX036I Assertion Closing a Secure x3270 Session CMS APARs: APAR Description ------- -------------------------------------------------- VM64569 Performance Improvement for C Sockets on CMS VM64540 Employ Socket Cancel() Without Reply() 2) After the updates associated with this APAR have been applied to your system, the following *MANUAL* steps must be complete a) Logon the TCP/IP z/VM 540 installation and service user ID (5VMTCP40, or its equivalent). b) After this user IDs PROFILE EXEC has completed, issue a VMFSETUP command appropriate for your installation (that is, use your installation's e PPF override name in place of 'tcpip' for the VMFSETUP command shown): vmfsetup 5vmtcp40 tcpip c) Invoke the LOADBFS command so that the SSLSERV LOADBFS file is processed. (the provided update of this file changes the "owner" of the SSLSERV file space to be the user ID 'GSKADMIN'): loadbfs sslserv loadbfs d) Logoff the TCP/IP z/VM 540 installation and service user ID. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ The z/VM 5.4.0 publications (cited below) will be updated in December 2008, and will be available at this z/VM web site URL: http://www.vm.ibm.com/library/ The changes summarized below will be incorporated in the publication updates: ---------------------------------------------------------------- Publication Title: TCP/IP Planning and Customization Order Number SC24-6125 + Chapter 1 includes updated information about the use of user IDs different from the GSKADMIN and SSLSERV user IDs. + Chapter 5 includes an updated description about the GSKADMIN user ID. + Chapter 20 includes updated information for initial setup of the SSL server certificate (key) database, information about the VMSSL/SSLADMIN DEBUG tracing operand, as well as other minor additions or corrections. ---------------------------------------------------------------- Publication Title: TCP/IP Messages and Codes Order Number GC24-6124 + Chapter 18 includes documentation for these added messages: DTCSSL103E SSLADMIN communication error: {QueueCreate| QueueReply|QueueReceiveBlock} error; rc: <rc> reason: <reason> DTCSSL2424W Server &1 is in a 'LOGOFF/FORCE pending' state; No action will be taken against this server DTCSSL2425W Server &1 is not running disconnected DTCSSL2426E Server configuration error: Multiple virtual CPUs are defined Minor changes for messages DTCSSL050E and DTCSSL209E are also included. ---------------------------------------------------------------- Publication Title: TCP/IP Diagnosis Guide Order Number GC24-6123 + Chapter 14 includes additional information about the TRACE DEBUG SSL server trace, along with some minor text and example corrections. MODULES/MACROS: DTCUME DTCUMEB IBM SSLADMIN SSLSERV SSLSTFL SSLVMADM SSLVMAIN SSLVMCOM SSLVMDB SSLVMGSK SSLVMMON SSLXBINT TCPBLP91 VMSSL SRLS: SC24612505 GC24612404 GC24612304 RTN CODES: CIRCUMVENTION: MESSAGE TO SUBMITTER: