IBM: TCP/IP for VM

UNEXPECTED PROMPT WHEN ESTABLISHING A SECURE CONNECTION

 
 APAR Identifier ...... PK84182      Last Changed ........ 09/06/19
 UNEXPECTED PROMPT WHEN ESTABLISHING A SECURE CONNECTION
 
 Symptom ...... IN INCORROUT         Status ........... CLOSED  PER
 Severity ................... 3      Date Closed ......... 09/04/13
 Component .......... 5735FAL00      Duplicate of ........
 Reported Release ......... 540      Fixed Release ............ 999
 Component Name TCP/IP V2 FOR V      Special Notice       ATTENTION
 Current Target Date ..              Flags
 SCP ...................
 Platform ............               PERVASIVE
 
 Status Detail: SHIPMENT - Packaged solution is available for
                           shipment.
 
 PE PTF List:
 
 PTF List:
 Release 540   : UK45770 available 09/06/19 (0902 )
 
 Parent APAR:
 Child APAR list:
 
 ERROR DESCRIPTION:
 When one attempts to establish an implicit secure connection
 with a z/VM host configured to support secure connections, one
 might encounter a prompt (presented by the client in use) for a
 certificate password, or, to present a client certificate (to
 satisfy a server request for such a certificate).  The reported
 prompts occur when connecting to only a z/VM 540 system.  When
 the same client / configuration is used to connect to a
 prior-level z/VM host (also configured for secure connectivity),
 no prompts are presented and the subject connections proceed as
 expected.
 
 LOCAL FIX:
 None.
 
 PROBLEM SUMMARY:
 ****************************************************************
 * USERS AFFECTED: ALL USERS OF Z/VM SSL SERVER                 *
 ****************************************************************
 * PROBLEM DESCRIPTION:                                         *
 ****************************************************************
 * RECOMMENDATION: APPLY PTF                                    *
 ****************************************************************
 An implicit ('static') connection using the z/VM 5.4.0 SSL
 server results in asking the client initiating the connection to
 authenticate.  This may cause the end-user interface generating
 the secure connection to prompt a user for authentication.
 Secure connections that are explicit ('dynamic') do not
 exhibit this behavior.
 
 PROBLEM CONCLUSION:
 A control block used for both dynamic and static connections
 is missing the proper initialization of a field in the case
 of a static connection.   The fix is to initialize the field
 once the determination has been made that the connection is
 static.
 
 TEMPORARY FIX:
 
 COMMENTS:
 
 MODULES/MACROS:   SSLSERV  SSLVMAIN
 
 SRLS:      NONE
 
 RTN CODES:
 
 CIRCUMVENTION:
 
 MESSAGE TO SUBMITTER: