Initiated a transfer from XCOM for z/OS that is configured with IBM System SSL to a XCOM for z/OS configured with OpenSSL. The transfer fails with the following message on the receiving server:
XCOMM0780E Txpi 308: TxpiInitSSL Failed msg = <error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter +++ SS
Release : 12.0
Component : XCOM Data Transport for z/OS
Capture a System SSL trace and have Security Admin or IBM review it. This is not an XCOM trace, but an SSL trace that will assist in determining the actual cause of the message. According to IBM documentation:
410 SSL message format is incorrect.
Last Updated: 2021-06-25
Explanation
An incorrectly formatted SSL message is received from the communication partner.
User response
Collect a System SSL trace containing a dump of the SSL message and then contact your service representative.
To enable the System SSL trace you would do the following:
you need to add the following to the JCL:
//CEEOPTS DD *
ENVAR("GSK_TRACE=0x3F",
"GSK_TRACE_FILE=/tmp/gskssl.%.trc")
/*
The CEEOPTS DD statement is used to specify LE runtime options. The ENVAR option is used to set environment variables which System SSL will use during the run. Variable GSK_TRACE enables System SSL tracing and GSK_TRACE file specifies the name of the UNFORMATTED trace file which will be created by SystemSSL. The percent sign in the file name replaces to the numeric Unix process ID which creates the file. Value /tmp/gskssl.%.trc is the default and of course you may specify a different name if you need.
Once you have the unformatted SystemSSL trace file, you need to format it into readable statements using the 'gsktrace' utility. The command is:
gsktrace input_file > output_file