After applying TLS maintenance, the Common Services for z/OS r14.1 procs CCISSL and/or CCISSLGW may fail with a JCL error

Document ID : KB000114986
Last Modified Date : 17/09/2018
Show Technical Document Details
Issue:
I've just rolled out maintenance to Common Services r14.1 for TLS compatibility.   The maintenance changed the CCISSL and CCISSLGW procs and added a new parm  FIPS=YES/NO .  Now when  CCISSLGW tries to start, I receive a JCL error "excessive parameter length in the parm field". 
Environment:
CA Common Services for z/OS r14.1 executing the CCISSL and/or CCISSLGW procs using TLS 1.1 or 1.2.   
Cause:
A new parm was added to the procs for TLS, FIPS=YES/NO.  When used in conjunction with other parm values, it may exceed the IBM mandated 100 character limit for parms causing a JCL error..   
 
Resolution:
  • Use the NETPARM DD statement introduced for TLS 1.2 support by PTF RO94761
  • The NETPARM DD statement was added to both the CCISSL and CCISSLGW procs
  • The NETPARM DD points to a new member CAW4NETP included in the CAW0OPTN dataset
  • CAW4NETP includes the parms formerly included only on ithe parm statement itself
  • Prevents the JCL errors that may result by exceeding the IBM mandated 100 character limit on a parm statement
  • No limit to the number of characters if included in the CAW4NETP member
    • nSome Examples are:
      • CERT= Server Certificate Label Name
      • KEYRING= Name of an externa security keyring
      • PORT=  Name of the Listen Port
      • PROT= Security protocols enabled (including TLS)
      • UNSECON= Accept non-SSL clients
      • FIPS= Enable FIPS mode
Additional Information:
Please review the CCISSL TLS Maintenance 
  • RO94761 - which adds TLS support to CCIMVS
  • RI96228 - which describes the changes to the procs and adds support for the NETPARM statement
  • RO99465 - which allows parm values using an embedded blank and updates the proc comments to indicate TLS
  • The Common Services r14.1 Documentation wiki describing the //NETPARM DD statement