After applying TLS maintenance, the Common Services for z/OS r14.1 procs CCISSL and/or CCISSLGW may fail with a JCL error
search cancel

After applying TLS maintenance, the Common Services for z/OS r14.1 procs CCISSL and/or CCISSLGW may fail with a JCL error

book

Article ID: 114986

calendar_today

Updated On:

Products

CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Compress Data Compression for MVS Compress Data Compression for Fujitsu

Issue/Introduction

I've just rolled out maintenance to Common Services r14.1 for TLS compatibility.   The maintenance changed the CCISSL and CCISSLGW procs and added a new parm  FIPS=YES/NO .  Now when  CCISSLGW tries to start, I receive a JCL error "excessive parameter length in the parm field". 

Environment

CA Common Services for z/OS r14.1 executing the CCISSL and/or CCISSLGW procs using TLS 1.1 or 1.2.   

Cause

A new parm was added to the procs for TLS, FIPS=YES/NO.  When used in conjunction with other parm values, it may exceed the IBM mandated 100 character limit for parms causing a JCL error..   
 

Resolution

  • Use the NETPARM DD statement introduced for TLS 1.2 support by PTF RO94761
  • The NETPARM DD statement was added to both the CCISSL and CCISSLGW procs
  • The NETPARM DD points to a new member CAW4NETP included in the CAW0OPTN dataset
  • CAW4NETP includes the parms formerly included only on ithe parm statement itself
  • Prevents the JCL errors that may result by exceeding the IBM mandated 100 character limit on a parm statement
  • No limit to the number of characters if included in the CAW4NETP member
    • nSome Examples are:
      • CERT= Server Certificate Label Name
      • KEYRING= Name of an externa security keyring
      • PORT=  Name of the Listen Port
      • PROT= Security protocols enabled (including TLS)
      • UNSECON= Accept non-SSL clients
      • FIPS= Enable FIPS mode

Additional Information

Please review the CCISSL TLS Maintenance 
  • RO94761 - which adds TLS support to CCIMVS
  • RI96228 - which describes the changes to the procs and adds support for the NETPARM statement
  • RO99465 - which allows parm values using an embedded blank and updates the proc comments to indicate TLS
  • The Common Services r14.1 Documentation wiki describing the //NETPARM DD statement 
Powered by Wolken Software