0
votes

My web application is hosted in WebSphere Application Server. For all outgoing connections, we have dynamic SSL outbounds configured at server level. Currently, due to patching, SSLv3 has been disabled. Now, even though we have upgraded the SSL outbound to support TLSv1.2 and use a TLS-based MQ channel, the connection to WMQ is still failing. The details are provided below. Can someone please help out here?

WebSphere Server Details:

Java(TM) SE Runtime Environment (build pxa6460sr16fp60-20180213_02(SR16 FP60))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr16fp60-20180125_377078 (JIT enabled, AOT enabled)
J9VM - 20180125_377078      
JIT  - r9_20180125_377078
GA24_Java6_SR16_20180125_1132_B377078)      
java version "1.6.0"
JCL  - 20180209_01

WebSphere MQ version: 7.0.1.14
MQ client jar (com.ibm.mq.jar) version: 5.304 - j5304-G030613.1
Application code is compiled using JDK 1.6_U80

The error logs are:

Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
                at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:223)
                ... 50 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2400;AMQ9204: Connection to host 'gbrdsr000000542.intranet.barcapint.com(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2400;AMQ9231: The supplied parameter is not valid. [1=TLS_RSA_WITH_AES_128_CBC_SHA256]],3=gbrdsr000000542.intranet.barcapint.com(1414),5=RemoteTCPConnection.chooseSocketFactory]
                at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2177)
                at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1308)
                at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:373)
                ... 49 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2400;AMQ9231: The supplied parameter is not valid. [1=TLS_RSA_WITH_AES_128_CBC_SHA256]
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory(RemoteTCPConnection.java:2122)
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1933)
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:753)
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1164)
                at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect(RemoteConnection.java:1306)
                at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection(RemoteConnectionPool.java:372)
                at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1734)
                ... 51 more

The MQ side details:

AMQ8414: Display Channel details.
   CHANNEL(MQ.TLS.BFH.CHL)                 CHLTYPE(SVRCONN)
   ALTDATE(2017-11-07)                     ALTTIME(08.35.01)
   COMPHDR(NONE)                           COMPMSG(NONE)
   DESCR(Client channel for BFH WAS Client)
   SSLCAUTH(REQUIRED)
   SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
            TRPTYPE(TCP)

The cipher suite being used in Java: SSL_RSA_WITH_AES_128_CBC_SHA256

1
What version of WAS is running? - JoshMc
Hi Josh. The version of the WAS server is 7.0.0.43, service refresh 16. - Vikram Mullick
7.0.1.14 MQ client should be able to support SSL_RSA_WITH_AES_128_CBC_SHA256. I think the problem is that you reference this: MQ client jar(com.ibm.mq.jar) version : 5.304 - j5304-G030613.1. WAS should come with all of the required jars as part of the MQ RA (Resource Adapter) that is included. I would recommend you remove the above com.ibm.mq.jar and any other com.ibm.mq* jars that you have added. - JoshMc
If this is the cause I'll write it up in more detail in an answer. - JoshMc
Hi Josh, thanks for responding. So what you are recommending is to remove the com.ibm.mq.jar of version 5.304 and replace it with the 7.0.1.14 MQ client jar for my client Java application? - Vikram Mullick

1 Answer

0
votes

It seems like the WAS JVM cannot work with the cipher suite you use on the MQ channel. My guess is that it's complaining about the SHA-2 signature algorithm. You may need to use the unrestricted/unlimited export policy files. Check out the instructions in the IBM WAS manual and the IBM Java SDK Security Guide.
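
One way to test the guess in the answer above against the JRE itself, as an added example that is not part of the original thread: the class below asks the JSSE provider whether it offers either spelling of the cipher suite quoted in the question and reports the JCE policy limit. The class name `CipherSuiteCheck` is hypothetical, and the code assumes it is run with the same JRE that WebSphere uses.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added diagnostic, not code from the thread. Avoids Java 7+ syntax so it
// compiles on the Java 6 runtime described in the question.
public class CipherSuiteCheck {

    // The two spellings that appear in the question (MQ channel vs. Java side).
    static final String[] NAMES = {
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "SSL_RSA_WITH_AES_128_CBC_SHA256"
    };

    // Returns the cipher suites the JRE's JSSE provider supports for a protocol.
    static List<String> supportedSuites(String protocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        return Arrays.asList(ctx.getSocketFactory().getSupportedCipherSuites());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));

        // Integer.MAX_VALUE indicates the unrestricted policy files are in
        // effect; a smaller value indicates a restricted policy.
        System.out.println("Max AES key length = "
                + Cipher.getMaxAllowedKeyLength("AES"));

        List<String> suites;
        try {
            suites = supportedSuites("TLSv1.2");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("TLSv1.2 context not available: " + e.getMessage());
            return;
        }
        for (int i = 0; i < NAMES.length; i++) {
            System.out.println(NAMES[i] + " supported: " + suites.contains(NAMES[i]));
        }
    }
}
```

This only covers the JRE's JSSE provider; it does not inspect which cipher suite names the MQ client jar on the classpath accepts.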