Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE')

Tags:

ssl

jms

weblogic

ibm-mq

I am getting the following exception while trying to make a connection with remote MQ from my Java client on my local machine:

com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE')

This is with Java version 1.7, the Oralce JRE, cipher suite 'TLS_RSA_WITH_AES_256_CBC_SHA256' and the following Maven dependencies:

<dependency>
  <groupId>com.ibm.mq</groupId>
  <artifactId>allclient</artifactId>
  <version>9.0.0</version>
</dependency>
<dependency>
  <groupId>com.sun.messaging.mq</groupId>
  <artifactId>fscontext</artifactId>
  <version>4.4.2</version>
</dependency>
like image 739
Waqas Ahmed Avatar asked May 02 '17 11:05

Waqas Ahmed

2 Answers

Update

Updating each point provided before with more current information.

  1. IBM MQ 9.2 and higher now support TLS1.3. The TLS1.3 ciphersuites now use the standard names which match in both Oracle Java and IBM Java, the use of -Dcom.ibm.mq.cfg.useIBMCipherMappings=false should no longer be required of you are able to use a TLS1.3 ciphersuite.

  2. The signature algorithm SHA224withRSA is required to use the Oracle Cipher Suite TLS_RSA_WITH_AES_256_CBC_SHA256. Oracle JRE 1.7.0_171 or later and 1.8.0_162 or later now come with unlimited strength policy files enabled by default and support SHA224withRSA.

  3. The JCE Unlimited Strength Jurisdiction Policy Files required to use a SHA256 Cipher Suite are now included and enabled by default in the above versions or later.

There are three things that impact this:

  1. If you want to use Oracle JRE you need to set -Dcom.ibm.mq.cfg.useIBMCipherMappings=false, this will allow IBM MQ to use the Oracle Cipher Suite names like TLS_RSA_WITH_AES_256_CBC_SHA256

  2. The signature algorithm SHA224withRSA is not supported by Oracle JRE 1.7 and is required to use the Oracle Cipher Suite TLS_RSA_WITH_AES_256_CBC_SHA256. Based on this you would need to go to Oracle JRE 1.8.

  3. You will need to obtain and install the JCE Unlimited Strength Jurisdiction Policy Files to use a SHA256 Cipher Suite.

The information above is covered in more detail in my answer to another post "MQ Error on SSL enabled".

like image 93
JoshMc Avatar answered Nov 07 '22 04:11

JoshMc

You can also try this additional params:

-Djavax.net.ssl.trustStorePassword=mqpassword -Djavax.net.ssl.keyStorePassword=mqpassword  -Dcom.ibm.mq.cfg.preferTLS=true -Dcom.ibm.mq.cfg.useIBMCipherMappings=false
like image 21
Snehal Masne Avatar answered Nov 07 '22 04:11

Snehal Masne
Sign in to Comment

Related questions

grequests with requests has collision
SSL Certificate error in node.js
How to resolve : java.io.IOException: jsse.alias_no_key_entry
SSL and public key security
Does Windows Phone 7.1 support SSL sockets?
creating a Java Proxy Server that accepts HTTPS
Can I create a self-signed SSL certificate for Windows Azure using only makecert.exe?
No cipher suites in common while establishing a secure connection
SSLHandshakeException: Received fatal alert: handshake_failure when setting ciphers on tomcat 7 server
How to send a client SSL certificate to server by using CFStream in my iOS app?
iOS NSURLAuthenticationMethodClientCertificate not requested vs ActiveSync server
Is it possible to work with FTPS under PHP using stream context?
SSLError (Read operation timed out) in Python requests
openssl -connect returns wrong certificate
Server sent events stopped work after enabling ssl on proxy
Enabling HTTPS support on Tumblr blogs
How to call default ServerCertificateValidationCallback inside customized validation?
Set imported certificate to always be trusted in Mac OS X
Unable to download nltk data
Error while creating a CSR [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!