IBM Support

DFHSO0123 402 FUNCTION_RESPONSE(192) when attempting SSL connection

Question & Answer


Question

Why would I receive message DFHSO0123 with RETURN CODE 402 and FUNCTION_RESPONSE 192 when my CICS web service COBOL program is attempting to connect to open system server? I am are running with CICS Transaction Server for z/OS (CICS TS) V4.2.

The attempted Secure Sockets Layer (SSL) connection responds with the following in the CICS trace:

 SYSTEM_SSL_ERROR GSK_RESPONSE(GSK_ERR_NO_CIPHERS) FUNCTION         
 (SECURE_SOC_INIT) RESPONSE(EXCEPTION) REASON                         
 (CLIENT_ERROR) GSK_RETURN_CODE(192) CERTIFICATE_USERID()             
 CIPHER_SELECTED()        

This CICS web service is defined as CICS being the client.

Answer

The trace shows that the server rejected the handshake immediately. CICS will be attempting the handshake with the protocol set to Transport Layer Security (TLS) 1.0 and the cipher list from the URIMAP. You need to find out why that is not acceptable to the remote server.

Note that CICS TS 4.2 only supports TLS 1.0. CICS TS 4.2 cannot use TLS 1.1 or 1.2 and also cannot specify any 4 digit cipher codes.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"SSL","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
10 October 2016

UID

dwa1308637