Receiving error message DFHSO0123 when establishing an SSL connection with CICS running under CA Top Secret
book
Article ID: 144509
calendar_today
Updated On:
Products
Top SecretTop Secret - LDAP
Issue/Introduction
Setup CICS with digital certificates and getting the following error message:
DFHSO0123 01/07/2020 16:50:43 S1CXL2 Return code 412 received from function gsk_secure_socket_init of System SSL. Reason: Unsupported operation. Peer: 10.30.198.7, TCPIPSERVICE: ISIDIPIC. DFHIS1012 01/07/2020 16:50:43 S1CXL2 Invalid capability exchange request received on TCPIPSERVICE ISIDIPIC. Error code is (code X'0523').
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
CICS is receiving a SOURCE restriction failure. To resolve the problem, there are two option:
1. Authorize the CICS region acid to the SOURCE via TSS ADD(cicsregion) SOURCE(source)
2. Set OPTIONS(88) in the CA Top Secret Control Options File TSSPARMS. Allows an issued RACROUTE security call with POE=port_of_entry_address even when the ACID has a SOURCE restriction that does not match the port of entry (POE) address.