MQVB, MQVE & MQBT JRE Cipher Spec Issue

August 29, 2014 Roger Lacroix

A customer was using MQ Visual Browse (MQVB) and configuring MQVB to use SSL to connect to a remote queue manger (WMQ v7.5.0.2). They said:

I am getting error “Reason Code = 2400”, when specifying TLS_RSA_WITH_AES_256_CBC_SHA as the SSL Cipher Spec Name.

They also said:

We have other MQ Java using SSL working with TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA using the IBM JRE.

Due to security standards here, there are 3 acceptable cipher specs we are allowed to use. Of the three, only the weakest (TRIPLE_DES_SHA_US) will work with MQ Visual Browse

Cipher Spec	Cipher Suite	Results
TLS_RSA_WITH_AES_256_CBC_SHA	SSL_RSA_WITH_AES_256_CBC_SHA	Did not work
TLS_RSA_WITH_AES_128_CBC_SHA	SSL_RSA_WITH_AES_128_CBC_SHA	Did not work
TRIPLE_DES_SHA_US	SSL_RSA_WITH_3DES_EDE_CBC_SHA	Worked

Currently, MQ Visual Browse (MQVB), MQ Visual Edit (MQVE) and MQ Batch Toolkit (MQBT) are build and deployed using Excelsior JET v7.6 (which is based on Oracle’s JRE v1.6.0_41).

My first thought was that the JRE needed the 256-bit JCE policy. I had the customer deploy the 256-bit JCE policy but it did not make any difference.

Next, I did a build and deployment of MQVB using Oracle’s JRE v1.6.0_41 but it resulted in the same issue for the customer.

Since, the customer has IBM’s JRE v1.6.0 installed on their PC, I had them rename the embedded Oracle JRE, so that MQVB would use the installed IBM JRE. This time everything worked.

Therefore, if you are using MQVB, MQVE or MQBT and are having issues trying to use certain MQ SSL Cipher Specs then let us know and we will get it sorted out.

Regards,
Roger Lacroix
Capitalware Inc.

This entry was posted in Capitalware, IBM i (OS/400), IBM MQ, Java, Linux, macOS (Mac OS X), MQ Batch Toolkit, MQ Visual Browse, MQ Visual Edit, Security, Unix, Windows, z/OS.

2 Responses to MQVB, MQVE & MQBT JRE Cipher Spec Issue

Search for:
Recent Posts
Blog Calendar
April 2024

M T W T F S S

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30

« Mar
Capitalware
Archives
Archives
Categories
IBM MQ
WebSphere MQ
- Terms of Use
- IBM MQ MP1B supportpac - Interpreting accounting and statistics data, and other utilities April 11, 2024
- IBM MQ MP1B supportpac - Interpreting accounting and statistics data, and other utilities April 11, 2024
- Cumulative security update (CSU) 9.0.0.23 for IBM MQ on Linux PPC64LE February 29, 2024
- Cumulative security update (CSU) 9.0.0.23 for IBM MQ on Solaris 64-bit,x86 February 29, 2024
IBM Developer Messaging Blog
T.Rob’s Store and Forward
Mark Taylor’s Blog
- Passwords with runmqsc scripts April 4, 2024
- MQ Metrics with OpenTelemetry March 1, 2024
- Handling MQ logs and events with OpenTelemetry February 10, 2024
- MQ JMS and Spring: Spring Boot 2 now at end of regular support January 15, 2024
- Unexpected behaviour in MQI Callback January 4, 2024
Lyns Random Thoughts
Leif Davidsen’s Blog
- IBM Cloud Pak for Integration 2023.4.1 – when bigger is not always better. October 31, 2023
- Cross the river without falling in. Modernize your business with IBM Cloud Pak for Integration. July 31, 2023
- More workload, less work with Cloud Pak for Integration 2023.2.1 May 9, 2023
- Seeing is believing with the latest updates to IBM Integration including Cloud Pak for Integration 2022.4.1 and MQ V9.3.1 November 23, 2022
- The new Cloud Pak for Integration 2022.2.1 delivers years of support for your business June 10, 2022
Colin Paice on MQ
- One minute networks: MAC address April 23, 2024
- One minute networks: Switches, routers, hubs and IP addresses April 23, 2024
- One minute MVS: Networking subnets. April 8, 2024
- How does my network interface get an IP address, and is a generated address ok to use? April 8, 2024
- Setting up for PING can be difficult! March 28, 2024
- Real time monitor for z/OS TCPIP interface statistics March 11, 2024
- Using a 31 bit parameter list in a 64 bit C program. March 4, 2024
- Using dynamic allocation (SVC99) from a C program. March 4, 2024
- Where’s my packet gone? How can I see it being discarded. February 28, 2024
- zWireshark – capturing TCPIP trace on z/OS and displaying it in wireshark. February 21, 2024
StackOverflow MQ Questions
- pymqi: no way to deallocate message handles? April 24, 2024
- Adding a delay on consumption of messages with Spring JMS DefaultMessageListenerContainer without using Delivery Delay April 22, 2024
- IBM Queue does not remove message after consumption April 20, 2024
- JNDI Connection Issue with mq-jms-spring-boot-starter April 16, 2024
- Destructively reading messages from IBM MQ Queue are not being removed from queue April 14, 2024
- WebSphere lister did not go down when schema has been changed in the table. Messages were keep on Failing April 14, 2024
- pymqi ccdt file being ignored? April 12, 2024
- Configure IBMMQ JNDI context with JMS in Spring Boot April 8, 2024
- Classpath error when running a compiled JAR file locally April 5, 2024
- Broken bar does not supported when I sent JMS byte message to IBMMQ Cics April 4, 2024
StackOverflow MQTT Questions
- How can I add a timestamp to MQTT messages in AWS IoT Bridge or EMQX? April 24, 2024
- Azure: Subscribing to an external MQTT Broker April 24, 2024
- Spring boot Mqtt is connecting and receiving msgs but after a while it stops receiving messages without giving any error April 24, 2024
- How to publish and subscribe from and to device in iot hub? April 24, 2024
- AWS Greengrass component MQTT message is not showing in MQTT client test in console April 23, 2024
- Is it possible to do clustering using single IP address but different ports having config given below? April 23, 2024
- How to guarantee the processing of MQTT messages with Quarkus April 22, 2024
- Paho Mqtt in Unreal Engine 5.3.2 April 22, 2024
- MQTT multiple subscribers to one topic April 22, 2024
- How can I skip a processors.exec for a specific output? April 19, 2024