IC88987: WMQFTE 7.0.4: SFTP PROTOCOL BRIDGE AGENT FAILS WITH A BFGBR0104E REPORTING AN I/O EXCEPTION.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • A WebSphere MQ File Transfer Edition (FTE) SFTP protocol bridge
    agent fails to establish an SSH connection to the SFTP server
    using cipher specs: aes128-ctr, aes192-ctr, or aes256-ctr.
    The SSH negotiation fails and FTE disconnects from the SFTP
    server.
    
    The following BFGBT0104E error is reported and indicates that
    the "algorithm negotiation fails":
    
    c.i.w.t.frame.impl.TransferFrameReceiverImpl
    -- d processChunk data [Recoverable I/O exception
    com.ibm.wmqfte.io.FTETransferIOException: BFGBR0104E: Bridge
    agent failed to connect to host XXX.XXX.XXX.XXX with
    credentials of serverUserId because Algorithm negotiation fail]
    

Local fix

  • Use one of the JSCH default ciphers, aes128-cbc or aes192-cbc,
    currently supported by WMQFTE.
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Users of WebSphere MQ File Transfer Edition/Managed File
    Transfer 7.0.4 and 7.5 that are using the Protocol Bridge
    Agent connecting to an SFTP Server.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM SUMMARY:
    When connecting to an SFTP Server it is not possible to define
    the cipher to use and so uses the default ciphers of aes128-cbc,
    aes192-cbc and aes256-cbc. If these ciphers have been disabled
    on the SFTP Server then the FTE transfer will fail with the
    following:
    
    BFGBR0104E: Bridge agent failed to connect to host
    XXX.XXX.XXX.XXX with credentials of USERNAME because Algorithm
    negotiation fail
    

Problem conclusion

  • This APAR solves the problem by allowing a list of ciphers to
    use on the SFTP connection to be defined in the
    ProtocolBridgeProperties.xml file which is located within the
    config directory of the protocol bridge agent. The new
    'cipherList' attribute should be added to the sftpServer element
    to define the list of comma separated ciphers to use in order of
    preference. For exmaple:
    
    <tns:sftpServer name="xxxx" host="xxxx" platform="UNIX"
    fileEncoding="UTF-8" limitedWrite="false"
    cipherList="aes128-ctr,aes192-ctr" />
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Platform           v7.0
    --------           --------------------
    Multiplatforms     7.0.4.3
    
    Platform           v7.5
    --------           --------------------
    Multiplatforms     7.5.0.2
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC88987

  • Reported component name

    WMQ FILE TRANSF

  • Reported component ID

    5724R1000

  • Reported release

    704

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-12-10

  • Closed date

    2013-02-14

  • Last modified date

    2013-02-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ FILE TRANSF

  • Fixed component ID

    5724R1000

Applicable component levels

  • R704 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere MQ File Transfer Edition

Software version:

7.0.4

Reference #:

IC88987

Modified date:

2013-02-14

Translate my page

Machine Translation

Content navigation