SCR #3778 SSLSRV - rel3_ver0_ssls45_032220 22-mar-20 SSLCLI - rel3_ver0_sslc44_032220 SSLLIB - T0000H06_03_STGSSLLIB_03MAR2020_V5R9_SPCL Reference: #3043490 Symptom: SSLSRV abended with a backup takeover. Problem: this abend happens under special circumstances when there are long running connections (since before the certificate refresh), session cache timeout expires while there are still active connections running off that session, and next when the last of those connections is closed, there will be an abend. Change: A change was made to the ssllib. Implementation: Move in the new SSLCLI/SSLSRV module. Stop associated XPNET stations. Stop and re-start SSLCLI/SSLSRV processes. Re-start the previously Stopped stations. Dependencies: None. cr-xpnet-91 SCR #3779 TCPSRV - REL3_VER0_TCPS67_030220 22-mar-20 SSLSRV - REL3_VER0_SSLS45_032220 Reference : #3011806 Symptom: the tcpsrv abends on tbe socket_nw error 4019 Problem: only indication on the logger on the tcpscrv process indicates a possible takeover and/or loss of backup. This caused the abend with the 4019. Change: Change was made in tcpsrv to include the ENODEV in the error handling to prevent an abend Implementation: Move in the new SSLSRV/TCPSRV module. Stop associated XPNET stations. Stop and re-start SSLSRV/TCPSRV processes. Re-start the previously Stopped stations. Dependencies: None. Cr-xpnet-92 SCR #3782 SSLCLI - REL3_VER0_SSLC45_041720 17-Apr-20 SSLSRV - REL3_VER0_SSLS46_041720 TCPCLI - REL3_VER0_TCPC62_041720 TCPSRV - REL3_VER0_TCPS68_041720 SSLLIBI - T0000H06_03_STGSSLNLIB_01APR2020_V5R9 Reference: ga release for the internal/external ssl libraries. Symptom: none Problem: none Change: The new library incorporates all the specials (fixes) from the previous release. Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: none CR-XPNET-92 SCR #3800 9/22/2020 jb SSLSRV - REL3_VER0_SSLS47_200922 TCPSRV - REL3_VER0_TCPS69_200922 Reference: 03162973 H24-187724 Symptom: SSLSRV Abends after turning on LASTCONN Problem: An assert in lh_comp assumed that there was only one state that was valid for the assert, but 2 exist. Change: Removed the assert. Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: none Code Review: CR-XPNET-114 SCR #3804 NOV-15-20 SSLSRV - REL3_VER0_SSLS48_201112 SSLCLI - REL3_VER0_SSLC46_201112 TCPSRV - REL3_VER0_TCPS70_201112 TCPCLI - REL3_VER0_TCPS63_201112 SSLLIB - T0000L06_03_STGSSLLIB_16NOV2020_6_0_0_1_SPCL TCPTPLS - tcp20ps TCPTPLO - tcp20po Reference: 0xxxxxxx H24-214398 Symptom: SSLSRV Configured with SSL param REVERSE set to YES is not establishing SSL/TLS session. Problem: SSLLLIB defect. Change: Incorprate new SSLLIB that fixed REVERSE processing defect. -- Added code in SSLSRV that will handle the new GOTCPSRV param CONFIG^IN^CONF. This param will signal the SSLSRV that it should not supply the CERTIFICATE defined in the SSLCONFIG file to the SSLLIB if set to NO. If set to YES the certificate is supplied to the SSLLIB. The default for CONFIG^IN^CONF is YES. The purpose of the CONFIG^IN^CONF is to allow the SSLSRV to initialize without requiring a CERTIFICATE to be defined in the SSLCONFIG file. This funtionality can be used when setting SSLCONFIG file param REVERSE to YES. The CONFIG^IN^CONF param is not required and a CERTIFICATE can be supplied to the SSLLIB when the REVERSE param is set to YES. Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: none Code Review: CR-XPNET-116 SCR #3812 02/12/2021 jb IPSC - rel3^ver3^ipsc06^20210212 IPSC - rel3^ver4^ipsc04^20210212 IPSC - rel4^ver0^ipsc01^20210212 Reference: H24-260135 03241270 Symptom: Internal server is logging 2105 and marking the station down when a shutdown completes with a 4123 error. Problem: This error condition was not specifically coded for so the default logic of fatal error was invoked. Change: Added logic to ignore this error as the connection is already gone. Implementation: Move the new files into XPNET subvol, Rebuild the NETWORK object using the NETB file. Dependencies: none Code Review: CR-XPNET-124 SCR #3815 03/15/2021 jb IPCL - rel3^ver3^ipcl05^20210315 IPCL - rel3^ver4^ipcl04^20210315 IPCL - rel4^ver0^ipcl01^20210315 Reference: H24-260135 03241270 Symptom: Internal client is logging 2105 and marking the station down when a shutdown completes with a 4123 error. Problem: This error condition was not specifically coded for so the default logic of fatal error was invoked. Change: Added logic to ignore this error as the connection is already gone. Implementation: Move the new files into XPNET subvol, Rebuild the NETWORK object using the NETB file. Dependencies: none Code Review: CR-XPNET-128 SCR #3818 4/20/21 jb TCPSRV REL3_VER0_TCPS71_042021 TCPCLI REL3_VER0_TCPC64_042021 SSLSRV REL3_VER0_SSLS49_042021 SSLCLI REL3_VER0_SSLC47_042021 IPCL -REL3^VER3^IPCL06^20210420 IPSC -REL3^VER3^IPSC07^20210420 IPCL -REL3^VER4^IPCL05^20210420 IPSC -REL3^VER4^IPSC05^20210420 IPCL -REL4^VER0^IPCL02^20210420 IPSC -REL4^VER0^IPSC02^20210420 Reference: H24-261419 Symptom: For external TCPIP server the customer is seeing a 4032 error on an ACCEPT2. this treated as a fatal Error. Problem: 4032 error code is not specifically coded for so default error handling is used. This is to treat the error as fatal. Change: Added 4032 to the list of retriable errors for both internal and external TCPIP/SSL Servers and clients when performing ACCEPT2, Receive, or connnect. Implementation: Move in the new modules. Rebuild the NETWORK object using the NETB file. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations Dependencies: none Code Review: CR-XPNET-132 SCR #3796 08/05/2020 jb IPCL -REL3^VER3^IPCL06^20210420 -REL3^VER4^IPCL05^20210420 -REL4^VER0^IPCL02^20210420 IPSC -REL3^VER3^IPSC07^20210420 -REL3^VER4^IPSC05^20210420 -REL4^VER0^IPSC02^20210420 Reference: Case H24-159152 #03134271 Symptom: Internal TCPIP station goes abnormal on recievingt process, a 4126 error condition on a RECV_NW() completion. 19-03-14;13:12:14.957 \xxxxx.$xxxx ACI.XPNET.3400 6288 Guardian error 4126 (4126) on Socket call RECV_NW for station , line . 19-03-14;13:12:14.958 \xxxxx.$xxxx ACI.XPNET.3400 2105 Station on Line closed because of a fatal Guardian error 399 (see previous log events), station will remain closed. Previous STARTING, Current ABNORMAL Problem: The Internal TCPIP IPCL code looks at a 4126 error condition returned on a RECV_NW() as a fatal error. Change: A better approach to handling a 4126 error condition on a RECV_NW() is to terminate the connection and reset the connection. Added code to identify 3 new types of retryable error conditions, 4126 ETIMEOUT, 4032 EPIPE, and 4120 ECONNRESET. Implementation: Install the new files on the XPNET subvol. Rebuild the NETWORK object using the NETB file. Dependencies: None Code Review: CR-XPNET-xxx SCR #3819 07/08/21 jb BASE - REL3^VER3^BASE^REL21^20210708 REL3^VER3^EXEC07^20210708 REL3^VER4^BASE^REL14^20210708 REL3^VER4^EXEC03^20210708 REL4^VER0^BASE^REL09^20210708 REL4^VER0^EXEC03^20210708 CTS - REL3^VER3^CTS04^20210708 REL3^VER4^CTS02^20210708 REL4^VER0^CTS02^20210708 IPCL - REL3^VER3^IPCL07^20210708 REL3^VER4^IPCL06^20210708 REL4^VER0^IPCL03^20210708 IPSC - REL3^VER3^IPSC08^20210708 REL3^VER4^IPSC06^20210708 REL4^VER0^IPSC03^20210708 Reference: H24-328773 03316277 Symptom: Node went abnormal and abended after deleting a line. Problem: A restart timer had been set for that line before it was deleted, so when the timer popped and we attempted to access the line, it was gone. Change: Added code to remove the timer when a line gets deleted (CTS, IPCL, and IPSC were all affected by this) Implementation: Move in the new modules. Rebuild the NETWORK object using the NETB file. Restart the NETWORK processes. Dependencies: none Code Review: CR-XPNET-134 SCR #3821 09/08/21 DES IPCL REL3^VER3^IPCL08^20210908 REL3^VER4^IPCL07^20210908 REL4^VER0^IPCL04^20210909 IPSC REL3^VER3^IPSC09^20210909 REL3^VER4^IPSC07^20210909 REL4^VER0^IPSC04^20210909 Reference Internal Symptom: On internal TCP/IP, once in the STARTED state, if the Client or Server are stopped, the other side stays in the STARTED state. Problem: SCR3796 added a check which did not catch when the other side went away. Change: Modified the check made for SCR3796 to identify when the connection goes away. Implementation: Install the new files on the XPNET subvol. Rebuild the NETWORK object using the NETB file. Dependencies: none Code Review: CR-XPNET-138 SCR #3823 10/22/21 mmd TCPSRV REL1_VER0_TCPS01_102221 TCPCLI REL1_VER0_TCPC01_102221 REL1_VER0_TCPL01_102221 SSLSRV REL1_VER0_SSLS01_102221 SSLCLI REL1_VER0_SSLC01_102221 TCPTPLS - u10tcpl.tcp01ps TCPTPLO - u10tcpl.tcp01po Reference n/a Symptom: sslcinf command needs to log a message when the stations arent started instead of abending. Problem: When using the tell sslcinf command and the tcpcli and tcpsrv arent connected the station will abend instead of just putting out a log message. Change: Fixed the tell sslcinf command to not abend when the stations arent started. Implementation: Move in the new modules. Stop associated XPNET stations. Stop and re-start TCP processes. Re-start the previously stopped stations Dependencies: none Code Review: CR-XPNET-141 SCR #3832 12/22/21 mmd TCPSRV REL1_VER0_TCPS02_122221 TCPCLI REL1_VER0_TCPC02_122221 SSLSRV REL1_VER0_SSLS02_122221 SSLCLI REL1_VER0_SSLC02_122221 SSLLIBI - T0000H06_03_STGSSLLIB_17DEC2021_6_0_2_0 Reference: GA release for the internal/external ssl libraries for 6020 release Symptom: None Problem: None Change: Bring the new ssl library to allow the using appl to inquire about the details of the active connection such as protocol version, cipher suite and the peer's certificate details. This library supports TLS 1.3. (Please reference the updated SafeTGate SSL Library Guide for further information) Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependancies: None Code Review: CR-XPNET-148 SCR #3834 01/26/22 MMD IPCL REL3^VER3^IPCL09^20220126 REL3^VER4^IPCL08^20220126 REL4^VER0^IPCL05^20220126 REL4^VER1^IPCL01^20220126 IPSC REL3^VER3^IPSC10^20220126 REL3^VER4^IPSC08^20220126 REL4^VER0^IPSC05^20220126 REL4^VER1^IPSC01^20220126 Reference H24-384850 Symptom: On internal TCP/IP, the station had a fatal Guardian error 4120 (4120) on Socket call RECV_NW which caused the station to go abnormal. Problem: The 4120 ECONNRESET error should be a retryable error. Originally coded to be a fatal error but should be a retryable error in this case. Change: Altered code to react to a 4120 ECONNRESET as a retryable error. Implementation: Install the new files on the XPNET subvol. Rebuild the NETWORK object using the NETB file. Dependencies: none Code Review: CR-XPNET-151 SCR #3836 03/03/22 jb TCPSRV REL1_VER0_TCPS03_030322 TCPCLI REL1_VER0_TCPC03_030322 SSLSRV REL1_VER0_SSLS03_030322 SSLCLI REL1_VER0_SSLC03_030322 TCPTPLO $DATA01.U10TCPL.TCP02PO TCPTPLS $DATA01.U10TCPL.TCP02PS Reference: H24-395440 Symptom: TCPCLI/TCPSRV abend if the FILESIZE parameter is too big Problem: The input was not limited and abends when using 64 trillion. Change: Max of 1,048,576 is now enforced and log message 2087 now reports the valid range. Implementation: Move in the new modules. Stop associated XPNET stations. Stop and re-start TCP/SSL processes. Re-start the previously stopped stations Dependencies: No dependencies. Code Review: CR-XPNET-153 SCR #3837 03/25/22 jb TCPSRV REL1_VER0_TCPS03_032522 TCPCLI REL1_VER0_TCPC03_032522 SSLSRV REL1_VER0_SSLS03_032522 SSLCLI REL1_VER0_SSLC03_032522 TCPTPLO $DATA01.U10TCPL.TCP02PO TCPTPLS $DATA01.U10TCPL.TCP02PS Reference: H24-404710 Symptom: New parameter used when not in the GO file. Problem: Defaults for new parameters change the normal behavior Change: Made TCPKEEP* parameter defaults match system defaults instead of assigning a value when not configured. Implementation: Move in the new modules. Stop associated XPNET stations. Stop and re-start TCP processes. Re-start the previously stopped stations Dependencies: No dependencies. Code Review: CR-XPNET-153 SCR #3838 04/07/22 jb TCPSRV REL1_VER0_TCPS04_040722 TCPCLI REL1_VER0_TCPC04_040722 SSLSRV REL1_VER0_SSLS04_040722 SSLCLI REL1_VER0_SSLC04_040722 TCPTPLO $DATA01.U10TCPL.TCP02PO TCPTPLS $DATA01.U10TCPL.TCP02PS Reference: H24-406973 Symptom: TCPCLI sometimes abends. Problem: The search for an opener in the opener table is not accounting for empty slots, and encounters one. Change: Allow the whole table to be searched regardless of empty slots. Implementation: Move in the new modules. Stop associated XPNET stations. Stop and re-start TCP processes. Re-start the previously stopped stations Dependencies: No dependencies. Code Review: CR-XPNET-155 SCR #3842 05/02/22 mmd May-02-22 SSLSRV - REL1_VER0_SSLS05_050222 SSLCLI - REL1_VER0_SSLC05_050222 TCPSRV - REL1_VER0_TCPS05_050222 TCPCLI - REL1_VER0_TCPC05_050222 TCPTPLS - tcp03ps TCPTPLO - tcp03po Reference: H24-358766 Symptom: The dates were out of sync Problem: Date change and log message display Change: Corrected the code to fix the date change and changed the log msg to be more easily read Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: None Code Review: CR-XPNET-157 SCR #3843 05/02/22 mmd May-02-22 SSLSRV - REL1_VER0_SSLS05_050222 SSLCLI - REL1_VER0_SSLC05_050222 TCPSRV - REL1_VER0_TCPS05_050222 TCPCLI - REL1_VER0_TCPC05_050222 SSLLIB - T0000H06_03_STGSSLNLIB_25APR2022_6_0_2_5 Reference: H24-409830 Symptom: SSL error: Response code 10 (bad record mac) from SSL library Problem: The issue was reported in a previous fix for the library but was not moved forward in the latest release. This is moving the fix forward. Change: Pulled in the newest sslib special Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: none Code Review: CR-XPNET-157 SCR #3840 04/22/22 jb IPCL - REL4^VER0^IPCL06^20220422 IPSC - REL4^VER0^IPSC06^20220422 IPCL - REL4^VER1^IPCL02^20220422 IPSC - REL4^VER1^IPSC04^20220422 Reference Internal and H24-360674 Symptom: Internal SSL station requires two starts after an ABORT. Problem: The SSL socket was not getting shutdown when ABORT command was used so the next command failed. Change: added code to do the SSL SHUTDOWN within the ABORT path. Implementation: Install the new files on the XPNET subvol. Rebuild the NETWORK object using the NETB file. Dependencies: No dependencies. Code Review: CR-XPNET-156 SCR #3841 04/22/22 jb IPSC - REL4^VER0^IPSC07^20220422 IPSL - REL4^VER0^IPSL01^20220422 IPSC - REL4^VER1^IPSC05^20220422 IPSL - REL4^VER1^IPSL02^20220422 Reference H24-406129 Symptom: 4003 errors an not handled in the 4.x threads. Problem: SCR3775 was not uplifted to the 4.x threads. Change: Uplifted SCR3775 to 4.x threads. Implementation: Install the new files on the XPNET subvol. Rebuild the NETWORK object using the NETB file. Dependencies: Any dependencies. Code Review: CR-XPNET-156 SCR #3844 05/10/22 jb and mmd NETTPLS - N41EMS.EMS02PS NETTPLO - N41EMS.EMS02PO TCPTPLS - U10TCPL.TCP04PS TCPTPLO - U10TCPL.TCP04PO Reference Internal Symptom: XPNET should not indicate HPE available features. Problem: Log message indicates versions of CLIM needed. Change: Changed log message to inform the user to check with HPE, and added them to the external TCPIP programs as well. Implementation: Install the new NETTPLS file and the new TCPTPLS/O files and re-build the EMSNRES and EMSRES template files using the GOINST obey file. Dependencies: None Code Review: CR-XPNET-158 SCR #3851 06/20/22 des SSLSRV - REL1_VER0_SSLS06_062022 T0000H06_03_STGSSLLIB_17JUN2022_6_0_2_8_SPCL SSLCLI - REL1_VER0_SSLC06_062022 T0000H06_03_STGSSLLIB_17JUN2022_6_0_2_8_SPCL TCPSRV - REL1_VER0_TCPS06_062022 TCPCLI - REL1_VER0_TCPC06_062022 SSLLIBI - T0000H06_03_STGSSLNLIB_17JUN2022_6_0_2_8_SPCL Reference: Change Request IWS-2402 for SSLLIB special. Symptom: server reports an "unrecognized cookie" error. Problem: Even after the IWS-2340 fix, SafeTGate SSL Library sometimes can't establish the connection to a Java TLS1.3 server. Change: Pulled in the newest sslib special. Implementation: Move in the new SSL/TCP modules as well SSLLIBI. If you want to incorporate SSLLIBI witht XPNET, you'll need to rebuild your network usinged the NETB file, then stop and restart your nodes. If you're not rebuilding XPNET, then stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: none Code Review: CR-XPNET-165 SCR3853 06/27/22 jb TCPCLI - REL1_VER0_TCPC07_062722 TCPSRV - REL1_VER0_TCPS07_062722 SSLCLI - REL1_VER0_SSLC07_062722 SSLSRV - REL1_VER0_SSLS07_062722 TCPL - $data01.u10tcpl.tcpl03ts Reference H24-413917 Symptom: Lenght indicator does not support packed BCD. Problem: Customer attempting to use JCB Domestic was not able to pass data through because packed BCD was used for the length indicator and no translation for it was available. Change: Added conversion routines to translate the length indicator for packed BCD for format types -4 and -5. Implementation: Move in the new modules. Stop associated XPNET stations. Stop and re-start TCP processes. Re-start the previously stopped stations Dependencies: No dependencies. Code Review: CR-XPNET-167 SCR #3860 09/01/22 des SSLSRV - REL1_VER0_SSLS09_090122 T0000H06_03_STGSSLLIB_01SEP2022_6_0_2_14_SPCL SSLCLI - REL1_VER0_SSLC08_090122 T0000H06_03_STGSSLLIB_01SEP2022_6_0_2_14_SPCL TCPSRV - REL1_VER0_TCPS09_090122 TCPCLI - REL1_VER0_TCPC08_090122 SSLLIBI - T0000H06_03_STGSSLNLIB_01SEP2022_6_0_2_14_SPCL Reference: Change Request IWS-2452 Symptom: If TLS server sends Certificate Request and SafeTGate SSL Library has not been configured with a client Certificate, a Fatal Alert, Unsupported Certificate (43) is sent. Problem: Code to properly deal with this situation was never written. Change: SafeTGate SSL Library now behaves as per RFCs. Empty certificate chain is sent leaving it for the server to decide if the session can continue without a Client Certificate. Implementation: Move in the new SSL/TCP modules as well as SSLLIBI. If you want to incorporate SSLLIBI with XPNET, you'll need to rebuild your network usinged the NETB file, then stop and restart your nodes. If you're not rebuilding XPNET, then stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: none Code Review: CR-XPNET-174 SCR #3863 09/01/22 des SSLSRV - REL1_VER0_SSLS10_091922 T0000H06_03_STGSSLLIB_16SEP2022_6_0_2_15_SPCL SSLCLI - REL1_VER0_SSLC09_091922 T0000H06_03_STGSSLLIB_16SEP2022_6_0_2_15_SPCL TCPSRV - REL1_VER0_TCPS10_091922 TCPCLI - REL1_VER0_TCPC09_091922 Reference: Change Request IWS-2452 Symptom: If TLS server sends Certificate Request and SafeTGate SSL Library has not been configured with a client Certificate, a Fatal Alert, Handshake Error (43) is sent. Problem: After sending an empty Certificatde when Server has negotiated TLS 1.2 or less, the library tries to send a Certificate Verify message but cannot because there is no private key. Change: SafeTGate SSL Library no longer tries to send Cerificate Verify after sending an Empty certificate chain. SafeTGate SSL Library no longer terminates TLS Handshakes when Certificate Request is received and no client Certificate is configured. Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: none Code Review: CR-XPNET-177 SCR #3865 10/19/22 des SSLSRV - REL1_VER0_SSLS11_101922 T0000H06_03_STGSSLLIB_12OCT2022_6_0_2_17_SPCL SSLCLI - REL1_VER0_SSLC10_101922 T0000H06_03_STGSSLLIB_12OCT2022_6_0_2_17_SPCL TCPSRV - REL1_VER0_TCPS11_101922 TCPCLI - REL1_VER0_TCPC10_101922 SSLLIBI - T0000H06_03_STGSSLNLIB_12OCT2022_6_0_2_17_SPCL Reference: Change Request IWS-2501 Symptom: SafeTGate SSL library when acting as a TLS client crashes during handshaking. Problem: There was a one-byte math error calculating the length of the outgoing Client Hello message that could lead to a one-byte corruption of the corresponding message memory. This problem was hidden until recent IWS-2432-related changes were made, but even then it did not always cause an impact. When a crash did occur it was seen near the end of the handshake when a memory address was freed. Change: Increased the buffer size for the additional byte. Implementation: Move in the new SSL/TCP modules as well as SSLLIBI. If you want to incorporate SSLLIBI with XPNET, you'll need to rebuild your network using the NETB file, then stop and restart your nodes. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: No dependencies. Code Review: CR-XPNET-179 >>>> NOTE THIS SHOULD NOT HAVE BEEN CATALOGED AND HAS BEEN BACKED OUT SCR #3849 06/09/22 jb IPSC - REL3^VER3^IPSC11^20220609 IPCL - REL3^VER3^IPCL10^20220609 IPSC - REL3^VER4^IPSC09^20220609 IPCL - REL3^VER4^IPCL09^20220609 IPSC - REL4^VER0^IPSC08^20220609 IPCL - REL4^VER0^IPCL07^20220609 IPSC - REL4^VER1^IPSC06^20220609 IPCL - REL4^VER1^IPCL03^20220609 Reference H24-418889 Symptom: 4032 errors makes station go abnormal. Problem: This error was not specifically handled so was treated as fatal. Change: added code to treat 4032 as a connection error. Implementation: Install the new files on the XPNET subvol. Rebuild the NETWORK object using the NETB file. Dependencies: No dependencies. Code Review: CR-XPNET-163 SCR #3861 09/06/2022 jb IPCL - REL4^VER1^IPCL03^20220906 IPCL - REL4^VER0^IPCL07^20220906 IPCL - REL3^VER4^IPCL11^20220906 EAUDPRO - REL4^VER0^EAUD02^20220906 EAUDPRO - REL4^VER1^EAUD01^20220906 RTSPRO - REL4^VER0^RTS02^20220906 RTSPRO - REL4^VER1^RTS01^20220906 Reference H24-416706 Symptom: Internal SSL Client requires a certificate, not allowing the connection without one. Problem: The internal logic was never coded to allow the client to connect without a certificate. Change: Removed the check for the certificate file. Implementation: Move in the new SSL/TCP modules as well as SSLLIBI. Incorporate SSLLIBI with XPNET by using the NETB file, then stop and restart your nodes. Stop and re-start SSL/TCP processes. Dependencies: SCR3860 Code Review: CR-XPNET-175 SCR #3872 12/15/22 jb TCPSRV REL1_VER0_TCPS12_121522 TCPCLI REL1_VER0_TCPC11_121522 SSLSRV REL1_VER0_SSLS12_121522 SSLCLI REL1_VER0_SSLC11_121522 Reference H24-467612 Symptom: TCPCLI sometimes abends. Problem: The search for an opener in the opener table is not accounting for an empty slot in the first position. Change: Check for an empty slot before using the pointer within the struture Implementation: Move in the new modules. Stop associated XPNET stations. Stop and re-start TCP processes. Re-start the previously stopped stations Dependencies: No dependencies. Code Review: CR-XPNET-185 SCR #3868 11/14/2022 des BASE - REL3^VER3^BASE^REL25^20221114 REL3^VER3^DCOM07^20221114 BASE - REL3^VER4^BASE^REL24^20221114 REL3^VER4^DCOM07^20221114 BASE - REL4^VER0^BASE^REL19^20221114 REL4^VER0^DCOM06^20221114 BASE - REL4^VER1^BASE^REL10^20221114 REL4^VER1^DCOM03^20221114 SSLLIBI - T0000H06_03_STGSSLNLIB_18NOV2022_6_0_3_0 STGKM - T0000H06_03_STGKM_30MAR2022_6_0_2_3 T0000H06_03_STGSSLLIB_12OCT2022_6_0_2_17_SPCL Reference Internal Symptom: There are two problems this SCR fixes: - A CERTSREFRESH command is issued and the following log message is seen: ACI_SSL_CERTIFICATE_REFRESH Error 5 for the current Certificate Refresh command. Error 5 is an invalid password. - After a successful CERTSREFRESH command was executed, the customer executed another CERTSREFRESH to go back to the previous certificate. The command seems to work, but it fails to switch back to the previous certificate. Problem: Two things can cause the first problem: - The password being passed to the SSLLIBI routine ACI_SSLCERTIFICATE_REFRESH isn't null terminated, and this routine expects it to be. - In 4.1 only, the code looks at every device in the configuration. We use the last device's definition for the password being passed to the routine. This may not always be valid. The cause for the second problem: - A problem in the SSLLIBI routine ACI_SSLCERTIFICATE_REFRESH. Change: For problem one: - The code makes sure the password is null terminated. - While looping through the devices, when a valid device is found it's information is saved off. We then use that saved information in the call to ACI_SSLCERTIFICATE_REFRESH. For problem two: - A change was made in the SSLLIBI routine Implementation: Install the new BASE, SSLLIBI and STGKM files on the XPNET subvol. Rebuild the NETWORK object using the NETB file. Dependencies: No dependencies. Code Review: CR-XPNET-182 SCR #3876 02/28/23 des SSLSRV - REL1_VER0_SSLS13_022823 T0000H06_03_STGSSLLIB_27FEB2023_6_0_3_1_SPCL SSLCLI - REL1_VER0_SSLC12_022823 T0000H06_03_STGSSLLIB_27FEB2023_6_0_3_1_SPCL TCPSRV - REL1_VER0_TCPS13_022823 TCPCLI - REL1_VER0_TCPC12_022823 SSLLIBI - T0000H06_03_STGSSLNLIB_27FEB2023_6_0_3_1_SPCL Reference: Change Request IWS-2594, IWS-2644, IWS-2646 Symptom: (IWS-2594) SSL code was not handling unknown values in the handshake type field. (IWS-2644) SSL Library failed to decrement a context-in-use counter in one situation and as a result the aci_ssl_context_delete function improperly returned error ACI_SSL_RC_CONTEXT_IN_USE. (IWS-2646) SSL Library picks up a cipher suite from the client h ello that doesn't match the negotiated protocol version. This could have resulted in the UNKNOWN_CERTIFICATE_TYPE error. Problem: (IWS-2594) When receiving a handshake with unknown type field values, the library would abend. (IWS-2644) SSL code was only decrementing the context references when a connection was still up. (IWS-2646) SSL library wasn't checking some cipher suite/protocol version combination properly. Change: (IWS-2594) SSL Library will now terminate the SSL handshake with Fatal Alert 10, Unexpected Message and will not abend. (IWS-2644) SSL Library will now decrement the counter appropriately. (IWS-2646) SSL Library will pick up a cipher suite from the client hello that properly matches the negotiated protocol version. Implementation: Move in the new SSL/TCP modules as well as SSLLIBI. If you want to incorporate SSLLIBI with XPNET, you'll need to rebuild your network using the NETB file, then stop and restart your nodes. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: No dependencies. Code Review: CR-XPNET-189 SCR #3877 03/20/2023 gjd SSLSRV - REL1_VER0_SSLS14_032023 T0000H06_03_STGSSLLIB_16MAR2023_6_0_3_4_SPCL SSLCLI - REL1_VER0_SSLC13_032023 T0000H06_03_STGSSLLIB_16MAR2023_6_0_3_4_SPCL TCPSRV - REL1_VER0_TCPS14_032023 TCPCLI - REL1_VER0_TCPC13_032023 Reference: H24-394118/ H24-483326 Symptom: XPNET 4.1 - SSLCLI excessive TLE usage when not having connections set up Problem: Timers for the Partner Certificate expiry are set for each connection. Change: Changed code to set a single 24 hour timer for all connections Partner Certificate expiry times. Table will be searched at each 24 hour expiration. The single timer will be started at initialization and at each 24 interval. Only one of these timers will be active at any time in this process. Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: No dependencies. Code Review: CR-XPNET-xxx SCR #3879 03/16/23 des SSLSRV - REL1_VER0_SSLS14_032023 T0000H06_03_STGSSLLIB_16MAR2023_6_0_3_4_SPCL SSLCLI - REL1_VER0_SSLC13_032023 T0000H06_03_STGSSLLIB_16MAR2023_6_0_3_4_SPCL TCPSRV - REL1_VER0_TCPS14_032023 TCPCLI - REL1_VER0_TCPC13_032023 SSLLIBI - T0000H06_03_STGSSLNLIB_16MAR2023_6_0_3_4_SPCL Reference: Change Request IWS-2667 Symptom: Make sure that our TLS server complies with the non-compatibility mode when using TLS1.3. Problem: STGSSL TLS server receives client hello with zero length session ID and negotiates TLS1.3, and then generates non-zero session ID and sends it in the server hello. This causes the client to abandon the handshake with the "illegal parameter" fatal alert. Change: Return a zero length session ID as per RFC 8446 in this situation. STGSSL able to complete a TLS1.3 handshake with a client that doesn't use the RFC 8446 compatibility mode. Implementation: Move in the new SSL/TCP modules as well as SSLLIBI. If you want to incorporate SSLLIBI with XPNET, you'll need to rebuild your network using the NETB file, then stop and restart your nodes. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: No dependencies. Code Review: CR-XPNET-191 SCR #3882 04/10/2023 gjd SSLSRV - REL1_VER0_SSLS15_041023 SSLCLI - REL1_VER0_SSLC14_041023 TCPSRV - REL1_VER0_TCPS15_041023 TCPCLI - REL1_VER0_TCPC14_041023 Reference: H24-496732 Symptom: Customer gets the following log message and requests that the error condition is handled as a retryable error: 23-03-22;13:44:53.442 \NARGP1.$C1AG1 ACI.XPTCP.1000 2027 S2A^HISO^FC01 - recv_nw error 4129 - (EHOSTUNREACH) No route to host - RADDR - 11146:10.15.206.2. Problem: Error 4129 is handled as a Fatal error. Change: Changed error 4129 to be a retryable error. Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: No dependencies. Code Review: CR-XPNET-196 SCR #3885 04/25/2023 des SSLSRV - REL1_VER0_SSLS15_041023 TCPSRV - REL1_VER0_TCPS15_041023 Reference: Case H24-491449 Symptom: A client attempts to connect to TCPSRV/SSLSRV but there is no server station available. During the process of rejecting the connection TCPSRV/SSLSRV receives an error 162 (Operation timed out), abends and generates the following log message: Program:\xxxxx.$xxxxx.XPNET.TCPSRV 23-03-05;04:53:50.390 \xxxxx.$xxxxx ACI.XPTCP.1000 2015 Socket_nw() error 162 (Operation timed out) rejecting call. Change: Changed error 162 to be a retryable error. Implementation: Move in the new SSL/TCP modules. Stop associated XPNET stations. Stop and re-start SSL/TCP processes. Re-start the previously stopped stations. Dependencies: No dependencies. Code Review: CR-XPNET-196