无法连接到WMQ服务器v7.0.1.14

时间:2018-05-11 14:24:29

标签: ssl websphere ibm-mq tls1.2

我的Web应用程序托管在Websphere Application Server中。对于所有传出连接,我们在服务器级别配置了动态SSL outbounds。目前,由于修补,SSLv3已被禁用。现在,即使我们已将SSL出站升级为支持TLSV1.2,并使用基于TLS的通道MQ通道,仍然与WMQ的连接失败。详情如下。有人可以帮忙吗?

Websphere服务器详细信息:

Java(TM) SE Runtime Environment (build pxa6460sr16fp60-20180213_02(SR16 FP60))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr16fp60-20180125_377078 (JIT enabled, AOT enabled)
J9VM - 20180125_377078      
JIT  - r9_20180125_377078
GA24_Java6_SR16_20180125_1132_B377078)      
java version "1.6.0"
JCL  - 20180209_01

Websphere MQ version : 7.0.1.14
MQ client jar(com.ibm.mq.jar) version : 5.304 - j5304-G030613.1
Application Code is compiled using JDK 1.6_U80

错误日志是:

Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
                at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:223)
                ... 50 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2400;AMQ9204: Connection to host 'gbrdsr000000542.intranet.barcapint.com(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2400;AMQ9231: The supplied parameter is not valid. [1=TLS_RSA_WITH_AES_128_CBC_SHA256]],3=gbrdsr000000542.intranet.barcapint.com(1414),5=RemoteTCPConnection.chooseSocketFactory]
                at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2177)
                at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1308)
                at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:373)
                ... 49 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2400;AMQ9231: The supplied parameter is not valid. [1=TLS_RSA_WITH_AES_128_CBC_SHA256]
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory(RemoteTCPConnection.java:2122)
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1933)
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:753)
                at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1164)
                at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect(RemoteConnection.java:1306)
                at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection(RemoteConnectionPool.java:372)
                at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1734)
                ... 51 more

MQ方详情:

AMQ8414: Display Channel details.
   CHANNEL(MQ.TLS.BFH.CHL)                 CHLTYPE(SVRCONN)
   ALTDATE(2017-11-07)                     ALTTIME(08.35.01)
   COMPHDR(NONE)                           COMPMSG(NONE)
   DESCR(Client channel for BFH WAS Client)
   SSLCAUTH(REQUIRED)
   SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
            TRPTYPE(TCP)

JAVA中使用的密码套件 - SSL_RSA_WITH_AES_128_CBC_SHA256

1 个答案:

答案 0 :(得分:0)

WAS JVM似乎无法使用您在MQ通道上使用的密码套件。我的猜测是它抱怨SHA-2签名算法。您可能需要使用不受限制的/无限制的导出策略文件。查看IBM WAS manualIBM Java SDK Security Guide上的说明。

相关问题
最新问题