IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Future consideration
Workspace z/TPF Product Family
Categories z/TPF
Created by Guest
Created on Jan 20, 2022

RELATED IDEAS

Restart a failed shared SSL daemon process automatically?

Using the description from the CASE.
jvfarmer (IBM)
Jan 18, 2022, 08:42
We have been working on diagnostic improvements to shared SSL, and have gotten some corruption detection in place, but we don't believe adding this code formally is the correct approach. For starters, recovering from the corruption opens up other issues. For example, lets say a hash bucket has a corrupted address, TPF detects that corruption, and cleans up the chain pointer. Lets say that corrupted chain contains the CTX for an INETD SSL server. Well, in this case, the INETD SSL server does not accept any new connections if that is the daemon process the CTX is associated with.

If the hash table corruption is occurring from other processing, outside of shared SSL, the diagnostic improvements won't help determine the cause of the corruption either. Or at least won't provide anything new of value than what we have today. After much discussion we have decided not to pursue the diagnostic improvement as we don't believe it will provide a lot of value. In addition, all of this chain pointer checking will likely negatively affect the performance of shared SSL.

Trying to detect this one type of corruption programmatically and recover from it is not the best approach here. Our thoughts are to enhance the OpenSSL shared SSL code base to restart failed daemon processes, rather than try to detect/recover the system heap corruption.

Would it be possible to open an RFE asking for support to restart a failed shared SSL daemon process automatically? This way if we encounter any memory depletion or any type of corruption that causes a dump, the shared SSL daemons will recover automatically?

Idea priority Medium

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.