APAR status
Closed as program error.
Error description
To configure a WebSphere MQ classes for Java/JMS application to connect to a queue manager over a secure socket, the application selects a specific CipherSuite to use. However the specific CipherSuites which was selected maps to multiple CipherSpecs. The WebSphere MQ classes for Java/JMS API provides no mechanism by which the specific CipherSpec which is negotiated between the application and queue manager can be chosen.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: This affect users of WebSphere MQ classes for Java/JMS, at versions 7.0.1, 7.1 and 7.5 trying to use the following CipherSuite -> CipherSpec mappings: CipherSuite CipherSpec ----------- ---------- SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA256 when the JVM is not operating in FIPS mode. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: The CipherSuites in the list above can each be used to map with 2 different queue manager CipherSpecs - one which utilises the SSLv3 protocol, and one the TLS protocol. The WebSphere MQ Classes for Java/JMS configuration only permitted the mapping to the CipherSpec which utilised the TLS mapping if the JVM FIPS mode was enabled, despite this not being a prerequisite for these ciphers.
Problem conclusion
The WebSphere MQ classes for Java/JMS have been updated, such that the TLS usage mapping for the above CipherSuites/CipherSpecs can now be used if the JVM property: com.ibm.mq.cfg.preferTLS is set to true. For example, to set this property for the application "MyApplication" started from the command line, you would use the following syntax: java -Dcom.ibm.mq.cfg.preferTLS=true MyApplication --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v7.0 7.0.1.13 v7.1 7.1.0.7 v7.5 7.5.0.5 v8.0 8.0.0.2 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT06775
Reported component name
WMQ WINDOWS V7
Reported component ID
5724H7220
Reported release
701
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-01-27
Closed date
2015-04-27
Last modified date
2015-08-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ WINDOWS V7
Fixed component ID
5724H7220
Applicable component levels
R701 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDEZSF","label":"IBM WebSphere MQ Managed File Transfer for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 March 2023