User job for transfer to XCOM for Windows partner occasionally gets S0C4 abend when using SSL v3, and works fine when retried.
Job log shows:
===
21.02.10 JOB01895 XCOMM1516W SSLv3 protocol enabled. This is an obsolete and insecure protocol. It is recommended to switch
SSL_METHOD to TLS
21.02.16 JOB01895 CCSR010E XCOMSTSK S0C4 at 00000000 LMOD N/A CSECT N/A +N/A FBSDFS02 N/A XCOMTRAN
21.02.16 JOB01895 CCSR061I PSW: 00000000 00000000 078D1000 8003AA2A
21.02.16 JOB01895 CCSR062I ILC: 02 INTERRUPT CODE: 0D
21.02.16 JOB01895 CCSR067I COMPLETION CODE S0C4 REASON CODE 00000004
...
The Language Environment error message (normally printed to ddname SYSOUT) shows
CEE3204S The system detected a protection exception (System Completion Code=0C4).
From entry point format_distinguished_names at statement 7195 at compile unit offset +000001F6 at entry
offset +000001F6 at address 25C377BE.
The formatted Language Environment abend information (normally printed to ddname CEEDUMP which is dynamically allocated) shows:
Traceback:
DSA Entry E Offset Statement Load Mod Program Unit Service Status
1 CEEKDUMP +00000F20 CEEPLPKA CEEKDUMP HLE77C0 Call
2 CEEVSSFR +00000012 CEEPIPI CEEVSSFR HLE77C0 Call
3 CEEHDSP +00004AE2 CEEPLPKA CEEHDSP UI75815 Call
4 format_distinguished_names
+000001F6 7275 XCOMCINT Exception
5 format_certificate_request
+000005D8 7149 XCOMCINT Call
6 format_handshake
+0000022E 6347 XCOMCINT Call
7 analyze_secondary_buffer
+000001B4 7744 XCOMCINT Call
8 analyze_received_data
+000000C0 6193 XCOMCINT Call
9 ReceiveSystemSSLExit
+0000018E 1562 XCOMCINT Call
10 gsk_read_v3_record
+00000760 GSKS31 Call
11 gsk_perform_v3_client_handshake
+000002EC GSKS31 Call
12 gsk_secure_socket_init
+0000108A GSKS31 Call
13 gsk_secure_socket_init
+00000096 GSKSSL Call
14 system_ssl_do_client_connect
+00000DC2 2606 XCOMCINT Call
15 TxpiInitClientSystemSSL
+0000016E 2977 XCOMCINT Call
16 CInterface +000018AA 684 XCOMCINT Call
17 @@FECB
-0526DA9C Call
18 @@GETFN +000000C2 CEEEV003 Call
19 CEEBPCAS +00001058 CEEPIPI CEEBPCAS HLE77C0 Call
Release : 12.0
Component : XCOM Data Transport for z/OS
The older SSL v3 protocol is being used for the transfer.
XCOM Engineering's previous experience of this type of problem is that it is related to the use of an older OpenSSL version on the XCOM partner. That version has some random problem which causes an invalid "distinguished names" section of an incoming SSL certificate to be presented to the XCOM code.
It is confirmed that the XCOM for Windows partner is running Windows 11.6 64-bit SP00 which uses the older CAPKI 4.3.0 (OpenSSL 0.9.8h): XCOM support of SHA-2 certificates & CAPKI/OpenSSL versions
The recommended solution is to upgrade the XCOM partner to Windows service pack SP01 or later which both provides a newer version of OpenSSL and can also use the more secure TLS v1.1/v1.2 (assuming System SSL is then used on z/OS): Enhancements for Service Packs
Even if SSLv3 is still used, with the use of the later OpenSSL on the partner it would be hoped that would resolve the problem.
If upgrade is not possible then setting VERIFY_CERTIFICATE to NO in the XCOM for Windows configssl.cnf file is another potential option to resolve the problem (depending on transfer direction set it for RECEIVE_SIDE or INITIATE_SIDE or both).
Ideally upgrading to the latest SP03 + latest patch would be the most efficient way to maximise the benefit of the upgrade, but that depends on the support for the specific Windows OS version: XCOM Data Transport - Distributed Platform Compatibilities
1. XCOM for Windows 11.6 SP03 can be downloaded from here: https://support.broadcom.com/group/ecx/productfiles?sellable=XCOMSR059&release=11.6&os=WINDOWS%20NT&servicePk=SP03&language=EN
Download & install "CA XCOM Data Transport for Windows 64-bit 11.6 SP03- Product Package" DVD0000000002021.iso
Upgrade steps can be found here: CA XCOM™ Data Transport® for Windows 11.6 Service Packs > Installing and Upgrading
2. The XCOM 11.6 SP03 Solutions (patches) page is here and only the latest patch needs to be installed (XCOM patches are cumulative):
https://support.broadcom.com/group/ecx/solutionfiles?sellable=XCOMSR059&os=WINDOWS-ALL&release=11.6&solution=XCOM%20Data%20Transport%20for%20Windows%20Family%20Server%20WINDOWS-ALL&subfamily=XCOM