XCOM random S0C4 abends in format_distinguished_names (SSLv3)

Article ID: 232513

Products

XCOM Data Transport - z/OS
XCOM Data Transport
XCOM Data Transport - Linux PC
XCOM Data Transport - Windows

Issue/Introduction

A user job that transfers to an XCOM for Windows partner occasionally gets an S0C4 abend when using SSL v3, and works fine when retried.

Job log shows:
===

21.02.10 JOB01895  XCOMM1516W SSLv3 protocol enabled. This is an obsolete and insecure protocol. It is recommended to switch
                           SSL_METHOD to TLS
21.02.16 JOB01895  CCSR010E XCOMSTSK S0C4 at 00000000 LMOD N/A CSECT N/A +N/A FBSDFS02 N/A XCOMTRAN
21.02.16 JOB01895  CCSR061I PSW: 00000000 00000000 078D1000 8003AA2A
21.02.16 JOB01895  CCSR062I ILC: 02 INTERRUPT CODE: 0D
21.02.16 JOB01895  CCSR067I COMPLETION CODE S0C4 REASON CODE 00000004
...

The Language Environment error message (normally printed to ddname SYSOUT) shows:

CEE3204S The system detected a protection exception (System Completion Code=0C4).
        From entry point format_distinguished_names at statement 7195 at compile unit offset +000001F6 at entry
          offset +000001F6 at address 25C377BE.

The formatted Language Environment abend information (normally printed to ddname CEEDUMP which is dynamically allocated) shows:

   Traceback:
     DSA   Entry       E  Offset  Statement   Load Mod             Program Unit                   Service  Status
     1     CEEKDUMP    +00000F20              CEEPLPKA             CEEKDUMP                       HLE77C0  Call
     2     CEEVSSFR    +00000012              CEEPIPI              CEEVSSFR                       HLE77C0  Call
     3     CEEHDSP     +00004AE2              CEEPLPKA             CEEHDSP                        UI75815  Call
     4     format_distinguished_names
                       +000001F6  7275        XCOMCINT                                                     Exception
     5     format_certificate_request
                       +000005D8  7149        XCOMCINT                                                     Call
     6     format_handshake
                       +0000022E  6347        XCOMCINT                                                     Call
     7     analyze_secondary_buffer
                       +000001B4  7744        XCOMCINT                                                     Call
     8     analyze_received_data
                       +000000C0  6193        XCOMCINT                                                     Call
     9     ReceiveSystemSSLExit
                       +0000018E  1562        XCOMCINT                                                     Call
     10    gsk_read_v3_record
                       +00000760              GSKS31                                                       Call
     11    gsk_perform_v3_client_handshake
                       +000002EC              GSKS31                                                       Call
     12    gsk_secure_socket_init
                       +0000108A              GSKS31                                                       Call
     13    gsk_secure_socket_init
                       +00000096              GSKSSL                                                       Call
     14    system_ssl_do_client_connect
                       +00000DC2  2606        XCOMCINT                                                     Call
     15    TxpiInitClientSystemSSL
                       +0000016E  2977        XCOMCINT                                                     Call
     16    CInterface  +000018AA  684         XCOMCINT                                                     Call
     17    @@FECB
                       -0526DA9C                                                                           Call
     18    @@GETFN     +000000C2              CEEEV003                                                     Call
     19    CEEBPCAS    +00001058              CEEPIPI              CEEBPCAS                       HLE77C0  Call

 

Environment

Release : 12.0

Component : XCOM Data Transport for z/OS

Cause

The older SSL v3 protocol is being used for the transfer.
XCOM Engineering's previous experience with this type of problem is that it is related to the use of an older OpenSSL version on the XCOM partner. That version has a random problem which causes an invalid "distinguished names" section of an incoming SSL certificate to be presented to the XCOM code.
It is confirmed that the XCOM for Windows partner is running Windows 11.6 64-bit SP00, which uses the older CAPKI 4.3.0 (OpenSSL 0.9.8h); see "XCOM support of SHA-2 certificates & CAPKI/OpenSSL versions".
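
The function names in the traceback (format_certificate_request calling format_distinguished_names) suggest the abend occurs while walking the certificate-authorities list of a CertificateRequest handshake message. The following C routine is an added example, not XCOM's code: it shows the length checks that let a parser reject a malformed distinguished-names list instead of reading past the buffer. The function name, error codes and sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CR_TRUNCATED = -1, CR_BAD_LENGTH = -2 };  /* hypothetical error codes */
/* Constructed samples: a valid message, then one with the DN length inflated. */
static const uint8_t SAMPLE_OK[]  = {1, 0x01, 0x00, 0x04, 0x00, 0x02, 0x30, 0x00};
static const uint8_t SAMPLE_BAD[] = {1, 0x01, 0x00, 0x04, 0x02, 0x00, 0x30, 0x00};

/* Read a big-endian 16-bit length only if two bytes remain before `end`. */
static int read_u16(const uint8_t *p, size_t end, size_t *off, size_t *out)
{
    if (end - *off < 2) return CR_TRUNCATED;
    *out = ((size_t)p[*off] << 8) | p[*off + 1];
    *off += 2;
    return 0;
}

/* CertificateRequest body in SSLv3 / TLS 1.0 / TLS 1.1:
 *   certificate_types:       1-byte length, then the type bytes
 *   certificate_authorities: 2-byte list length, then entries of
 *                            2-byte length + DER DistinguishedName
 * Returns the DN count, or a negative CR_* code if a length field points
 * outside the buffer; every length is checked before it is used. */
int count_distinguished_names(const uint8_t *body, size_t len)
{
    size_t off = 0, types_len, list_len, dn_len, end;
    int count = 0, rc;
    if (len < 1) return CR_TRUNCATED;
    types_len = body[off++];
    if (types_len > len - off) return CR_TRUNCATED;
    off += types_len;
    if ((rc = read_u16(body, len, &off, &list_len)) != 0) return rc;
    if (list_len != len - off) return CR_BAD_LENGTH;  /* list is the last field */
    end = off + list_len;
    while (off < end) {
        if ((rc = read_u16(body, end, &off, &dn_len)) != 0) return rc;
        if (dn_len == 0 || dn_len > end - off) return CR_BAD_LENGTH;
        off += dn_len;  /* a formatter would decode the DER name here */
        count++;
    }
    return count;
}

int main(void)
{
    printf("valid: %d  inflated: %d\n", count_distinguished_names(SAMPLE_OK, sizeof SAMPLE_OK),
           count_distinguished_names(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```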

Resolution

The recommended solution is to upgrade the XCOM partner to Windows service pack SP01 or later, which both provides a newer version of OpenSSL and can also use the more secure TLS v1.1/v1.2 (assuming System SSL is then used on z/OS); see "Enhancements for Service Packs".
Even if SSLv3 is still used, it is hoped that the later OpenSSL on the partner would resolve the problem.
If an upgrade is not possible, then setting VERIFY_CERTIFICATE to NO in the XCOM for Windows configssl.cnf file is another potential option to resolve the problem (depending on the transfer direction, set it for RECEIVE_SIDE or INITIATE_SIDE or both). With this setting the Windows partner no longer verifies the remote certificate on the affected side, so it is best treated as an interim workaround until the upgrade can be done.

Additional Information

Ideally, upgrading to the latest SP03 plus the latest patch would be the most efficient way to maximise the benefit of the upgrade, but that depends on the support for the specific Windows OS version; see "XCOM Data Transport - Distributed Platform Compatibilities".

1. XCOM for Windows 11.6 SP03 can be downloaded from here: https://support.broadcom.com/group/ecx/productfiles?sellable=XCOMSR059&release=11.6&os=WINDOWS%20NT&servicePk=SP03&language=EN
Download & install "CA XCOM Data Transport for Windows 64-bit 11.6 SP03- Product Package" DVD0000000002021.iso
Upgrade steps can be found under "CA XCOM™ Data Transport® for Windows 11.6 Service Packs > Installing and Upgrading".

2. The XCOM 11.6 SP03 Solutions (patches) page is here and only the latest patch needs to be installed (XCOM patches are cumulative): 
https://support.broadcom.com/group/ecx/solutionfiles?sellable=XCOMSR059&os=WINDOWS-ALL&release=11.6&solution=XCOM%20Data%20Transport%20for%20Windows%20Family%20Server%20WINDOWS-ALL&subfamily=XCOM