ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » SSL Authentication issue betwen JAVA 6 client and IBM MQ 7.5

Post new topic  Reply to topic Goto page Previous  1, 2
 SSL Authentication issue betwen JAVA 6 client and IBM MQ 7.5 « View previous topic :: View next topic » 
Author Message
hughson
PostPosted: Mon Nov 04, 2019 1:12 am    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

riyaz_tak wrote:
hughson wrote:
Can you show us the ciphers at both ends please and any error messages at the queue manager end too.


we are using RC4_MD5_EXPORT .... It is working for 7.5.0.4 but not for 7.5.0.9

Code:
AMQ9616: The CipherSpec proposed is not enabled on the server.

EXPLANATION:
:
(c) The protocol used by the channel has been deprecated. Note that IBM may
  need to deprecate a protocol via product maintenance in response to a
  security vulnerability, for example SSLv3 has been deprecated. Continued use
  of SSLv3 protocol is not recommended but may be enabled by setting
  environment variable AMQ_SSL_V3_ENABLE=TRUE.
(d) The requested CipherSpec has been deprecated. Note that IBM may need to
  deprecate a CipherSpec via product maintenance in response to a security
  vulnerability, for example RC4_MD5_US has been deprecated. Continued use of
  deprecated CipherSpecs is not recommended but may be enabled by setting
  environment variable AMQ_SSL_WEAK_CIPHER_ENABLE=Y.

ACTION:
Analyse why the proposed CipherSpec was not enabled on the server. Alter the
client CipherSpec, or reconfigure the server to accept the original client
CipherSpec. Restart the channel.


Deprecation of CipherSpecs in IBM MQ v7.5, primarily started withMQ v7.5.0.5+, thus in MQ v7.5.0.4 they were available but in MQ v7.5.0.9 they are turned off.

If you need to turn them on again, the error message tells you how. Alternatively, change both ends of the channel to use a cipher spec that is not deprecated.

Cheers,
Morag

Further Reading

_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
riyaz_tak
PostPosted: Mon Nov 04, 2019 3:48 am    Post subject: Reply with quote

Voyager

Joined: 05 Jan 2012
Posts: 92

hughson wrote:
riyaz_tak wrote:
hughson wrote:
Can you show us the ciphers at both ends please and any error messages at the queue manager end too.


we are using RC4_MD5_EXPORT .... It is working for 7.5.0.4 but not for 7.5.0.9

Code:
AMQ9616: The CipherSpec proposed is not enabled on the server.

EXPLANATION:
:
(c) The protocol used by the channel has been deprecated. Note that IBM may
  need to deprecate a protocol via product maintenance in response to a
  security vulnerability, for example SSLv3 has been deprecated. Continued use
  of SSLv3 protocol is not recommended but may be enabled by setting
  environment variable AMQ_SSL_V3_ENABLE=TRUE.
(d) The requested CipherSpec has been deprecated. Note that IBM may need to
  deprecate a CipherSpec via product maintenance in response to a security
  vulnerability, for example RC4_MD5_US has been deprecated. Continued use of
  deprecated CipherSpecs is not recommended but may be enabled by setting
  environment variable AMQ_SSL_WEAK_CIPHER_ENABLE=Y.

ACTION:
Analyse why the proposed CipherSpec was not enabled on the server. Alter the
client CipherSpec, or reconfigure the server to accept the original client
CipherSpec. Restart the channel.


Deprecation of CipherSpecs in IBM MQ v7.5, primarily started withMQ v7.5.0.5+, thus in MQ v7.5.0.4 they were available but in MQ v7.5.0.9 they are turned off.

If you need to turn them on again, the error message tells you how. Alternatively, change both ends of the channel to use a cipher spec that is not deprecated.

Cheers,
Morag

Further Reading


Thanks I will try that and let you know the result.
I have another question regarding MQ order (I know I should raise different ticket for that) :How to maintain message order for ibm mq 7.5.0.4 ?
Back to top
View user's profile Send private message
exerk
PostPosted: Mon Nov 04, 2019 6:17 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

riyaz_tak wrote:
..I have another question regarding MQ order (I know I should raise different ticket for that) :How to maintain message order for ibm mq 7.5.0.4 ?...

If by that you mean messages delivered in the order they were put, MQ does not guarantee order of delivery of messages. If you want messages to be delivered in order your sending application will need to use message groups, and the receiving application will need to know that so it can request all messages within the group, once they have all arrived.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » IBM MQ Security » SSL Authentication issue betwen JAVA 6 client and IBM MQ 7.5
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.