| Author | Message | 
		
		  | Accell | 
			  
				|  Posted: Wed Jul 01, 2015 7:45 am    Post subject: WMB Strong key support (4096 bits). |   |  | 
		
		  | Novice
 
 
 Joined: 07 Feb 2015Posts: 24
 
 
 | 
			  
				| Hi, We are facing an issue in establishing  a TLS connection to server which implements key size of 4096 bits. According to the below IBM link, the unrestricted policy files should resolve the issues with key sizes greater than 2048.
 
 http://www-01.ibm.com/support/docview.wss?uid=swg21663373
 
 Have replaced the but getting following exception in soaprequest.
 Text:CHARACTER:java.lang.NoClassDefFoundError: javax.crypto.b (initialization failure)
 
 
 Also tried change the order of security provider as below but still the issue continues.
 
 security.provider.1=com.ibm.crypto.provider.IBMJCE
 security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
 security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
 security.provider.4=com.ibm.security.cert.IBMCertPath
 security.provider.5=com.ibm.security.sasl.IBMSASL
 security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
 security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
 security.provider.8=org.apache.harmony.security.provider.PolicyProvider
 security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
 
 Any inputs will be much appreciated.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | mqjeff | 
			  
				|  Posted: Wed Jul 01, 2015 7:50 am    Post subject: |   |  | 
		
		  | Grand Master
 
 
 Joined: 25 Jun 2008Posts: 17447
 
 
 | 
			  
				| That link doesn't refer to IIB/Broker directly. 
 Where did you put the unlimited policy files?
 
 Are you using JMS?  Are you using something else?
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | Accell | 
			  
				|  Posted: Wed Jul 01, 2015 8:26 am    Post subject: |   |  | 
		
		  | Novice
 
 
 Joined: 07 Feb 2015Posts: 24
 
 
 | 
			  
				| Hi, 
 I placed the policy file over here:
 D:\InstalledSoftware\IBM\MQSI\8.0.0.2\jre16\lib
 
 Also,i am using HTTP.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | mqjeff | 
			  
				|  Posted: Wed Jul 01, 2015 8:28 am    Post subject: |   |  | 
		
		  | Grand Master
 
 
 Joined: 25 Jun 2008Posts: 17447
 
 
 | 
			  
				| 
   
	| Accell wrote: |  
	| Also,i am using HTTP. |  HTTPRequest or HTTPInput?
 
 Did you restart the EG and the broker?
 
 You should hopefully also have a PMR open.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | Accell | 
			  
				|  Posted: Wed Jul 01, 2015 9:39 am    Post subject: |   |  | 
		
		  | Novice
 
 
 Joined: 07 Feb 2015Posts: 24
 
 
 | 
			  
				| Hi, 
 I am using SOAP request,the transport is HTTP.
 Yes, we have restarted the broker and the EG but still.
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | mqjeff | 
			  
				|  Posted: Wed Jul 01, 2015 9:44 am    Post subject: |   |  | 
		
		  | Grand Master
 
 
 Joined: 25 Jun 2008Posts: 17447
 
 
 | 
			  
				|   
 You might try the unrestricted policy files from MQ.
 
 Also making sure that the ones you got are valid for jre16...
 
 
    |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  | fjb_saper | 
			  
				|  Posted: Wed Jul 01, 2015 10:23 am    Post subject: |   |  | 
		
		  |  Grand High Poobah
 
 
 Joined: 18 Nov 2003Posts: 20767
 Location: LI,NY
 
 | 
			  
				| 
   
	| Accell wrote: |  
	| Hi, 
 I placed the policy file over here:
 D:\InstalledSoftware\IBM\MQSI\8.0.0.2\jre16\lib
 
 Also,i am using HTTP.
 |  Shouldn't it have been placed into
 D:\InstalledSoftware\IBM\MQSI\8.0.0.2\jre16\lib\security   ??
 
 Have fun
  _________________
 MQ & Broker admin
 |  | 
		
		  | Back to top |  | 
		
		  |  | 
		
		  |  |