| Author |
Message
|
| riyaz_tak |
 Posted: Mon Mar 09, 2020 9:16 pm Post subject: SSL CIPHER between IBM MQ 7.5 and Java Client |
 |
|
Voyager
Joined: 05 Jan 2012
Posts: 92
|
Hi Team
I have IBM MQ 7.5 installed on SOlaris 10 machine.
SRVCONN channel has RC4_MD5_EXPORT cipher .
alter channel (xxxxx) +
chltype (svrconn) +
trptype (tcp) +
sslcauth (required) +
sslciph (RC4_MD5_EXPORT) +
sslpeer ('xxxx') +
mcauser
Java client has SSL_RSA_EXPORT_WITH_RC4_40_MD5.
sslciphersuite(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
We have java 6 (ORACLE JRE ) running on SOlaris 10 machine.
Now we are planning to migrate to TLS 1.2 from SSL.
We tried below combinations :
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
But each time getting below error :
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:209)
I am setting -Dcom.ibm.mq.cfg.useIBMCipherMappings=false \ when starting java client.
$JAVA_BIN -DJ=$JAMG_ID -DT="\"$TAG\"" \
-Djava.library.path=$java/lib \
-Djavax.net.ssl.trustStore=$java/cfg/key.jck \
-Djavax.net.ssl.trustStorePassword=xxx \
-Djavax.net.ssl.trustStoreType=jceks \
-Djavax.net.ssl.keyStore=$java/cfg/key.jck \
-Djavax.net.ssl.keyStorePassword=xxx \
-Djavax.net.ssl.keyStoreType=jceks \
-Dcom.ibm.mq.cfg.useIBMCipherMappings=false \
$xxx.xxx -f $FILE $DIROPT &
Would you please let us know what is wrong and which combination will wor k? |
|
| Back to top |
|
 |
| riyaz_tak |
| Posted: Mon Mar 09, 2020 11:44 pm Post subject: |
|
|
Voyager
Joined: 05 Jan 2012
Posts: 92
|
| Ibm mq version is 7.5.0.4 |
|
| Back to top |
|
|
| exerk |
| Posted: Tue Mar 10, 2020 3:53 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Take a look in this IBM MQ KNOWLEDGE CENTRE ARTICLE, specifically Note 7.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Mar 10, 2020 5:09 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
You may also want to check the key size. If the key size is under 2048 you will not be able to run TLS. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Tue Mar 10, 2020 2:09 pm Post subject: |
|
|
Jedi
Joined: 25 Mar 2003
Posts: 2494
Location: Melbourne, Australia
|
|
| Back to top |
|
|
| riyaz_tak |
| Posted: Tue Mar 10, 2020 9:34 pm Post subject: |
|
|
Voyager
Joined: 05 Jan 2012
Posts: 92
|
| Does JAVA 6 supports TLS 1.2? |
|
| Back to top |
|
|
| riyaz_tak |
| Posted: Tue Mar 10, 2020 11:05 pm Post subject: |
|
|
Voyager
Joined: 05 Jan 2012
Posts: 92
|
Current java version is
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) Client VM (build 10.0-b23, mixed mode, sharing)
I checked on google and found out that this particular version dosen't support TLS 1.2.
Is there any way by which i can upgrade to TLS 1.2 without changing JAVA 6. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Mar 11, 2020 4:46 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| riyaz_tak wrote: |
| I checked on google and found out that this particular version dosen't support TLS 1.2. |
The perils of running the back version of software.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Mar 11, 2020 4:49 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9396
Location: US: west coast, almost. Otherwise, enroute.
|
| riyaz_tak wrote: |
| I checked on google and found ... |
Please post the URL when you cite a source.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Mar 11, 2020 5:24 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| bruce2359 wrote: |
| riyaz_tak wrote: |
| I checked on google and found ... |
Please post the URL when you cite a source. |
THIS is a good one, especially the second answer...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
|
|
