The message "TCPIP NOT IN USE OR AN INVALID NSS/DCSS NAME" seems to
be related to a console message SSLSERV that TCPIP send out when TCPRUN
is started:
DTCRUN1022I Console log will be sent to default owner ID: TCPMAINT
DTCRUN1040I SSL server cache segment query / definition results:
HCPCFC003E Invalid option - NSS
HCPCFC003E Invalid option - NSS
HCPCFC003E Invalid option - NSS
DTCRUN1011I Server started at 13:13:21 on 24 Nov 2010 (Wednesday)
DTCRUN1011I Running server command: VMSSL
DTCRUN1011I Parameters in use:
DTCRUN1011I KEYFILE /ETC/GSKADM/DATABASE.KDB
DTCSSL2423I Using server module: SSLSERV MODULE E2 - 11/22/10 10:56:08
DTCSSL015I Server initialization in progress (z/VM level 540 - PK97438)
DTCSSL100I This software incorporates the RSA algorithm
DTCSSL002I SSLSERV main() - PROGMAP:
Name Entry Origin Bytes Attributes
SSLSERV 0F8D0C18 0F8D0C18 0003C3E1 Amode 31 Reloc
DTCSSL002I Runtime parameters:
DTCSSL002I VMSSL_CACHE_CLEANUP=100
DTCSSL002I VMSSL_CACHE_LIFE=86400
DTCSSL002I VMSSL_CACHE_QUEUE="TCPIP"
DTCSSL002I VMSSL_TRACE_SPEC="NOTRACE"
DTCSSL002I GSK_KEYRING_FILE="/ETC/GSKADM/DATABASE.KDB"
DTCSSL002I GSK_KEYRING_STASH_FILE="/ETC/GSKADM/DATABASE.KDB.sth"
DTCSSL002I GSK_TRACE=0
DTCSSL002I GSK_TRACE_FILE="<NULL>"
DTCSSL002I VMSSL_SELDELAY_TIME=0
DTCSSL002I VMSSL_SELDELAY_FREQ=0
DTCSSL002I VMSSL_SELDELAY_DISP=30
DTCSSL002I VMSSL_EXEMPT_LISTCT=0
DTCSSL002I Ciphers array:
name Cd Cd V3 TLS Str key usr use use use cnt
V2 V3 ngt len ex V2 V3 TLS
RC4_128_SHA N 05 Y Y M 128 N 0 1 1 0
RC4_128_MD5 1 04 Y Y M 128 N 1 1 1 0
RSA_AES_256 N 35 Y B H 256 N 0 1 1 0
DH_DSS_AES_256 N 36 Y B H 256 N 0 1 1 0
DH_RSA_AES_256 N 37 Y B H 256 N 0 1 1 0
DHE_DSS_AES_256 N 38 Y B H 256 N 0 1 1 0
DHE_RSA_AES_256 N 39 Y B H 256 N 0 1 1 0
RSA_AES_128 N 2F Y B M 128 N 0 1 1 0
DH_DSS_AES_128 N 30 Y B M 128 N 0 1 1 0
DH_RSA_AES_128 N 31 Y B M 128 N 0 1 1 0
DHE_DSS_AES_128 N 32 Y B M 128 N 0 1 1 0
DHE_RSA_AES_128 N 33 Y B M 128 N 0 1 1 0
3DES_168_SHA 7 0A Y B H 168 N 1 1 1 0
RC2_128_MD5 3 N N M 128 N 1 0 0 0
DHE_RSA_3DES N 16 Y B H 168 N 0 1 1 0
DHE_DSS_3DES N 13 Y B H 168 N 0 1 1 0
DH_RSA_3DES N 10 Y B H 168 N 0 1 1 0
DH_DSS_3DES N 0D Y B H 168 N 0 1 1 0
DES_56_SHA 6 09 Y Y L 56 N 1 1 1 0
DHE_RSA_DES N 15 Y Y L 56 N 0 1 1 0
DHE_DSS_DES N 12 Y Y L 56 N 0 1 1 0
DH_RSA_DES N 0F Y Y L 56 N 0 1 1 0
DH_DSS_DES N 0C Y Y L 56 N 0 1 1 0
RC4_40_MD5 2 03 Y Y L 40 N 1 1 1 0
RC2_40_MD5 4 06 Y Y L 40 N 1 1 1 0
NULL_SHA N 02 Y Y N 0 N 0 1 1 0
NULL_MD5 N 01 Y Y N 0 N 0 1 1 0
NULL N 00 Y Y N 0 N 0 1 1 0
DTCSSL111E Failed to open the session cache queue 'TCPIP': rc=8, rs=184
DTCSSL209E Failed to initialize SSL server:
DTCSSL127E Server shutdown has commenced
DTCSSL128E Server shutdown is complete
DTCRUN1015I Server ended with RC=1 at 13:13:21 on 24 Nov 2010
(Wednesday)
It looks to me that SSLSERV is not finding the NSS it's supposed to be
using.
-------- Forwarded Message --------
> From: Dave Keeton <[email protected]>
> To: The IBM z/VM Operating System <[email protected]>
> Subject: Re: Question about SSL Service
> Date: Wed, 24 Nov 2010 12:46:33 -0800
>
> Mike,
>
> Yes, I'm positive 198 is the same for SSLSERV. Here's the output
> from Q LINKS on SSLSERV:
>
> q links 198
> TCPMAINT 0198 R/W, DTCVSW1 0198 R/O, DTCVSW2 0198 R/O, SSLDCSSM 0198
> R/O
> TCPIP 0198 R/O, SSLSERV 0198 R/O
>
> One interesting note; there's actual progress being made here. I can
> now log on to SSLDCSSM, though I'm not certain if all's well:
>
> DTCRUN1022I Console log will be sent to default owner ID: TCPMAINT
> DTCRUN1040I SSL server cache segment query / definition results:
> HCPNSD440I Saved segment TCPIP was successfully defined in fileid
> 0041.
> HCPNSS440I Saved segment TCPIP was successfully saved in fileid 0041.
> OWNERID FILE TYPE CL RECS DATE TIME FILENAME FILETYPE ORIGINID
> *NSS 0041 NSS R 0001 11/24 12:39:22 TCPIP DCSS SSLDCSSM
> FILE FILENAME FILETYPE MINSIZE BEGPAG ENDPAG TYPE CL #USERS PARMREGS
> VMGROUP
> 0041 TCPIP DCSS N/A 10000 100FF SN R 00000 N/A
> N/A
TCPIP NOT IN USE OR AN INVALID NSS/DCSS NAME
> DTCRUN1021R To cancel SSL DCSS Management Agent startup, type any
> non-blank
> character and press ENTER. To continue startup, just press
> ENTER.
>
> DTCRUN1011I Server started at 12:39:30 on 24 Nov 2010 (Wednesday)
> DTCRUN1011I Running server command: SSLIDCSS
> DTCRUN1011I No parameters in use
> DTCSLD2420I Creating shared session cache queue: TCPIP
>
