What's new and changed in Version 8.0.0, Fix Pack 9

Changes to functions and resources in IBM® MQ 8.0.0, Fix Pack 9 are described in this section.

Removal of JSON4J.jar file and com.ibm.msg.client.mqlight package
Additional permission for java.security.policy file
New attribute to allow TLS v1.0 to be optionally disabled on a queue manager
Enhancements to runmqras utility
Changes to fteModifyAgent or fteModifyLogger commands

Removal of JSON4J.jar file and com.ibm.msg.client.mqlight package

The JSON4J.jar file and com.ibm.msg.client.mqlight package are not needed by the IBM MQ classes for Java and IBM MQ classes for JMS, therefore the following changes are made from Version 8.0.0, Fix Pack 9:

The JSON4J.jar file is removed from the V.R.M.F-WS-MQ-Install-Java-All.jar file, where V.R.M.F is the product version number, for example 8.0.0.9.
The reference to JSON4J.jar file is removed from the class path statement within the manifest file for the com.ibm.mq.allclient.jar file.
The package com.ibm.msg.client.mqlight is no longer included inside the com.ibm.mq.allclient.jar file.

See Installing the IBM MQ classes for JMS separately, What is installed for IBM MQ classes for JMS, and What is installed for IBM MQ classes for Java.

Additional permission for java.security.policy file

From Version 8.0.0, Fix Pack 9, if your Java application uses the Java Security Manager, you must add a RuntimePermission to the java.security.policy file used by the application, otherwise, exceptions will be thrown to the application. This RuntimePermission is required by the client as part of managing the assignment and closure of multiplexed conversations over TCP/IP connections to queue managers.

For more information, see Running IBM MQ classes for Java applications under the Java Security Manager.

New attribute to allow TLS v1.0 to be optionally disabled on a queue manager

From Version 8.0.0, Fix Pack 9, a new attribute is available in the qm.ini file, under the SSL stanza:

SSL:
   AllowTLSV1=NO

If this attribute is set in the qm.ini file before the queue manager is started, the queue manager does not accept inbound connections using the TLS v1.0 protocol. Similarly, if an LDAP connection is configured using an AUTHINFO object, only TLS 1.2 is used to communicate with the LDAP server if secure communication is enabled for the AUTHINFO object.

Alternatively, the AMQ_TLS_V1_DISABLE environment variable can be set for the environment used to start the queue manager, listener, and channel processes.

If either property is set, as well as disallowing TLS 1.0 connection attempts at the network layer, the queue manager's command server also rejects attempts to define or alter a channel definition to use a TLS 1.0 CipherSpec.

The default queue manager behavior is unchanged, such that TLS 1.0 connections continue to be accepted if the new attribute or environment variable is not set.

Enhancements to runmqras utility

From Version 8.0.0, Fix Pack 9, the following enhancements are made to the runmqras utility:

Environment variable information is retrieved by default.
Queue manager data directory listings are retrieved by default.
A leak section is added to the runmqras command to gather IBM MQ process resource usage information.

For more information, see runmqras (collect IBM MQ diagnostic information).

Changes to fteModifyAgent or fteModifyLogger commands

From Version 8.0.0, Fix Pack 9, additional checks are added under APAR IT22423 such that any updates that are made to the JVM options for an agent or logger with the -serviceJVMOptions parameter of the fteModifyAgent or fteModifyLogger command are verified to make sure that the options have been correctly specified. For more information, see Guidance for updating agent or logger JVM options.