ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » Oracle Weblogic_to MQ SSL mqrc 2400 error

Post new topic  Reply to topic
 Oracle Weblogic_to MQ SSL mqrc 2400 error « View previous topic :: View next topic » 
Author Message
khaledhema
PostPosted: Mon Oct 21, 2019 1:36 pm    Post subject: Oracle Weblogic_to MQ SSL mqrc 2400 error Reply with quote

Newbie

Joined: 25 Jul 2019
Posts: 4

Hi,

i configured the SSL in ibm MQ server and managed to connect from mq

explore client

i wanted to integrate with Oracle weblogic we managed to connect without the SSL

but when we use the SSL the oracle weblogic give the below error and in mq server logs i got nothing

Code:
<Oct 21, 2019, 3:14:22,127 PM AST> <Error> <oracle.osb.resources.mq.mqconnectionresource> <OSB-381942> <Error occurred when connecting to MQ. Unable to obtain pooled connection, Resource TestFMS/Resources/TestFMSMQConn. MQJE001: Completion Code '2', Reason '2400'.>
<Oct 21, 2019, 3:14:22,129 PM AST> <Error> <oracle.osb.transports.mq.mqtransport> <OSB-381921> <Error trying to access queue Q1>
<Oct 21, 2019, 3:14:22,131 PM AST> <Error> <oracle.osb.logging.pipeline> <BEA-000000> < [null, null, null, ERROR] newfmsfault: <con:fault xmlns:con="">
  <con:errorCode>OSB-380002</con:errorCode>
  <con:reason>[OSB-381921]Error trying to access queue xxx</con:reason>
  <con:location>
    <con:node>PipelinePairNode1</con:node>
    <con:pipeline>PipelinePairNode1_request</con:pipeline>
    <con:stage>stage1</con:stage>
    <con:path>request-pipeline</con:path>
  </con:location>
Back to top
View user's profile Send private message
hughson
PostPosted: Mon Oct 21, 2019 7:51 pm    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

So you got error 2400, which you can quickly look up using the mqrc tool:-
Code:
mqrc 2400

      2400  0x00000960  MQRC_UNSUPPORTED_CIPHER_SUITE


So perhaps it would be helpful to tell us in your problem description what cipher you are using?

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
khaledhema
PostPosted: Mon Oct 21, 2019 9:41 pm    Post subject: Reply with quote

Newbie

Joined: 25 Jul 2019
Posts: 4

thanks for your reply

i tried these ciphers ( TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_265_CBC_SHA256) they all gave the same error i mentioned and this error appears in the oracle client

in mq server error logs i get nothing
Back to top
View user's profile Send private message
hughson
PostPosted: Mon Oct 21, 2019 9:48 pm    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

You probably should have a read of the following page:-

TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS

and especially the sub-section "Configuring your application to use IBM Java or Oracle Java CipherSuite mappings" and the linked articles from there.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
khaledhema
PostPosted: Mon Oct 21, 2019 10:44 pm    Post subject: Reply with quote

Newbie

Joined: 25 Jul 2019
Posts: 4

Thanks yes the link is very useful will check the configuration for cipher suite in oracle weblogic

also you have any explanation why i see no error in mq server side

is this means that the mqrc 2400 is from the mq client libraries in the oracle weblogic?
Back to top
View user's profile Send private message
hughson
PostPosted: Wed Oct 23, 2019 1:36 am    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

khaledhema wrote:
also you have any explanation why i see no error in mq server side

is this means that the mqrc 2400 is from the mq client libraries in the oracle weblogic?

Yes, exactly - it means the client never even made a connection to the queue manager yet - it failed even before that.
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
HubertKleinmanns
PostPosted: Wed Oct 23, 2019 3:10 am    Post subject: Reply with quote

Shaman

Joined: 24 Feb 2004
Posts: 732
Location: Germany

I guess, this link could also be helpful:

Java Cryptography Architecture Oracle Providers Documentation.

Oracle WebLogic (formely known as Bea WeLogic) uses a non-IBM-Java. So the supported CipherSuites differ from those of IBM-Java (see Morag's hint).

It could be, that you also need the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
_________________
Regards
Hubert
Back to top
View user's profile Send private message Visit poster's website
khaledhema
PostPosted: Thu Nov 28, 2019 2:51 am    Post subject: Reply with quote

Newbie

Joined: 25 Jul 2019
Posts: 4

Thanks all for your replies the issue solved by setting this flag to false in the oracle weblogic domain enviroment file
-Dcom.ibm.mq.cfg.useIBMCipherMappings=false
this makes the Oracle weblogic use the Oracle CipherSuite to WebSphere MQ CipherSpec mappings.
Back to top
View user's profile Send private message
tczielke
PostPosted: Thu Nov 28, 2019 6:00 am    Post subject: Reply with quote

Guardian

Joined: 08 Jul 2010
Posts: 939
Location: Illinois, USA

khaledhema wrote:
Thanks all for your replies the issue solved by setting this flag to false in the oracle weblogic domain enviroment file
-Dcom.ibm.mq.cfg.useIBMCipherMappings=false
this makes the Oracle weblogic use the Oracle CipherSuite to WebSphere MQ CipherSpec mappings.


More specifically, "-Dcom.ibm.mq.cfg.useIBMCipherMappings=false" causes the IBM MQ code to follow the IETF naming standards for CipherSuites. Oracle followed the IETF CipherSuite naming standards and IBM did not for some of the TLS 1.0 and 1.2 CipherSuites, at least from the ones I have checked. This is where the issue lies. The IETF (Internet Engineering Task Force) is the group that owns and sets the specifications for TLS.
_________________
Working with MQ since 2010.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » Oracle Weblogic_to MQ SSL mqrc 2400 error
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.