-----Original Message----- From: Linux on 390 Port [mailto:[email protected]] On Behalf Of LINUX-390 automatic digest system Sent: Thursday, September 01, 2016 11:02 PM To: [email protected] Subject: LINUX-390 Digest - 31 Aug 2016 to 1 Sep 2016 (#2016-171)
There are 6 messages totalling 285 lines in this issue. Topics of the day: 1. Crypto error meanings? (6) ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- Date: Thu, 1 Sep 2016 17:02:48 +0000 From: Marcy Cortes <[email protected]> Subject: Re: Crypto error meanings? > One would think that the same cipher suite between the same two hosts > wou= ld give consistent failures, but perhaps that Linux error is causing a bad = MAC. CICS is just one of the clients that gets it. It's the one that gives at = least a bit more info in the message. So to me that says either IHS or Linux is having a problem. It isn't load related either since it has happened at a variety of times pe= r day. I think I need to get our WAS people to push support to get a trap or somet= hing. Perhaps they can get a dump that way. Marcy ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ------------------------------ Date: Thu, 1 Sep 2016 15:48:25 -0400 From: Jeffrey Barnard <[email protected]> Subject: Re: Crypto error meanings? Mercy, Alan is correct. The gsk_secure_socket_init() call is failing. This is the initial SSL/TLS handshake. A wireshark trace from both ends would tell you a lot. It will show you the handshake packets and probably the field that is invalid. You can load the key into wireshark and it will decrypt the packet too. Where and when the bad field appears will tell you a lot. Have fun! Regards, Jeff ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ------------------------------ Date: Thu, 1 Sep 2016 22:25:09 -0400 From: Rick Troth <[email protected]> Subject: Re: Crypto error meanings? On 09/01/2016 01:02 PM, Marcy Cortes wrote: >> > One would think that the same cipher suite between the same two >> > hosts would give consistent failures, but perhaps that Linux error is >> > causing a bad MAC. > CICS is just one of the clients that gets it. > It's the one that gives at least a bit more info in the message. > So to me that says either IHS or Linux is having a problem. > It isn't load related either since it has happened at a variety of times per > day. > I think I need to get our WAS people to push support to get a trap or > something. > Perhaps they can get a dump that way. So ... I was thinking that you had different clients, but was thinking that one of them was more of a problem. (Or the only problem?) But it sounds like the failures are not consistent. Consistency would be nice. -- R; <>< ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ------------------------------ Date: Fri, 2 Sep 2016 02:26:59 +0000 From: Marcy Cortes <[email protected]> Subject: Re: Crypto error meanings? When the problem starts, all clients get ill. Maybe 5 or 10 minutes every week or two? No consistency whatsoever. And by the time the troops are gathered, too late for tcpdumps. -----Original Message----- From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Rick = Troth Sent: Thursday, September 01, 2016 7:25 PM To: [email protected] Subject: Re: [LINUX-390] Crypto error meanings? On 09/01/2016 01:02 PM, Marcy Cortes wrote: >> > One would think that the same cipher suite between the same two=20 >> > hosts would give consistent failures, but perhaps that Linux error >> > is = causing a bad MAC. > CICS is just one of the clients that gets it. > It's the one that gives at least a bit more info in the message. > So to me that says either IHS or Linux is having a problem. > It isn't load related either since it has happened at a variety of > times = per day. > I think I need to get our WAS people to push support to get a trap or > som= ething. > Perhaps they can get a dump that way. So ... I was thinking that you had different clients, but was thinking that= one of them was more of a problem. (Or the only problem?) But it sounds li= ke the failures are not consistent. Consistency would be nice. -- R; <>< ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email= to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ------------------------------ Date: Thu, 1 Sep 2016 22:40:19 -0400 From: Alan Altmark <[email protected]> Subject: Re: Crypto error meanings? On Friday, 09/02/2016 at 02:27 GMT, Marcy Cortes=20 <[email protected]> wrote: > When the problem starts, all clients get ill. > Maybe 5 or 10 minutes every week or two? > No consistency whatsoever. > And by the time the troops are gathered, too late for tcpdumps. I think the external sniffers will have to collect several hours worth of=20 rolling data, and when the app detects an error, stop the data collection. = You should give you plenty of time to stop data collection without losing = any data and without trying to hold two weeks' worth of packet traces. I was pleased to hear from Jeff that Wireshark could use a copy of the=20 server certificate to decode the data stream. One of these days I'll have = to test that out! Alan Altmark Senior Managing z/VM and Linux Consultant Lab Services System z Delivery Practice IBM Systems & Technology Group ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 [email protected] IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ------------------------------ Date: Fri, 2 Sep 2016 02:53:57 +0000 From: Marcy Cortes <[email protected]> Subject: Re: Crypto error meanings? Thanks Alan and Jeff. I think it's becoming clear to me that IHS must be the culprit here.=20 It's talking to everything fine until something makes it stop doing that an= d screwing up the handshake. What that trigger is we don't know. We did find one occurrence that overla= pped with vulnerability port scanning, but they've suspended that for now. The sniffer traces show no other unsuspected IP addresses coming in (so the= y say). I'll circle back with our WAS guy and makes sure this gets in the PMR. I still want to know what those errors are though! :) Anyone? Marcy -----Original Message----- From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Alan = Altmark Sent: Thursday, September 01, 2016 7:40 PM To: [email protected] Subject: Re: [LINUX-390] Crypto error meanings? On Friday, 09/02/2016 at 02:27 GMT, Marcy Cortes <Marcy.D.Cortes@wellsfargo= .com> wrote: > When the problem starts, all clients get ill. > Maybe 5 or 10 minutes every week or two? > No consistency whatsoever. > And by the time the troops are gathered, too late for tcpdumps. I think the external sniffers will have to collect several hours worth of r= olling data, and when the app detects an error, stop the data collection.=20 You should give you plenty of time to stop data collection without losing = any data and without trying to hold two weeks' worth of packet traces. I was pleased to hear from Jeff that Wireshark could use a copy of the serv= er certificate to decode the data stream. One of these days I'll have to t= est that out! Alan Altmark Senior Managing z/VM and Linux Consultant Lab Services System z Delivery Pr= actice IBM Systems & Technology Group ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 [email protected] IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email= to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ------------------------------ End of LINUX-390 Digest - 31 Aug 2016 to 1 Sep 2016 (#2016-171) *************************************************************** ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
