Receiving error message DFHSO0123 when establishing an SSL connection with CICS running under CA Top Secret

book

Article ID: 144509

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Setup CICS with digital certificates and getting the following error message:

DFHSO0123 01/07/2020 16:50:43 S1CXL2 Return code 412 received from function gsk_secure_socket_init  of System SSL. Reason:     
            Unsupported operation. Peer: 10.30.198.7, TCPIPSERVICE: ISIDIPIC.                                                   
 DFHIS1012 01/07/2020 16:50:43 S1CXL2 Invalid capability exchange request received on TCPIPSERVICE ISIDIPIC. Error code is (code
            X'0523').  

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

CICS is receiving a SOURCE restriction failure. To resolve the problem, there are two option:

1. Authorize the CICS region acid to the SOURCE via TSS ADD(cicsregion) SOURCE(source)

2. Set OPTIONS(88) in the CA Top Secret Control Options File TSSPARMS. Allows an issued RACROUTE security call with POE=port_of_entry_address even when the ACID has a SOURCE restriction that does not match the port of entry (POE) address.