来自Mule的IBM MQ连接问题 - UNSUPPORTED_CIPHER_SUITE并且没有mqjbnd错误

时间:2018-01-26 12:55:31

标签: ssl mule ibm-mq

我正在尝试将来自mule的MQ连接为客户端模式。能够连接,没有问题。

但是当我使用Cipher套件和#34; TLS_RSA_WITH_AES_128_CBC_SHA"启用SSL时,面对错误为UNSUPPORTED_CIPHER_SUITE,因此根据IBM技术说明启用了MQ跟踪器,现在我在java.library.path错误中没有得到mqjbnd。

代码段: - 

<spring:bean id="ConnectionFactory" name="ConnectionFactory" class="com.ibm.mq.jms.MQConnectionFactory">
     <spring:property name="hostName" value="xxxx" />
     <spring:property name="port" value="xxxx"/>
     <spring:property name="queueManager" value="xxxx"/>
     <spring:property name="transportType" value="1"/>
     <spring:property name="sSLCipherSuite" value="TLS_RSA_WITH_AES_128_CBC_SHA"/>
     <spring:property name="channel" value="xxxx"/>
</spring:bean>

<jms:connector name="JMS" username="xxxx" password="xxxx" specification="1.1" connectionFactory-ref="ConnectionFactory" numberOfConsumers="1" validateConnections="true"  persistentDelivery="true" doc:name="JMS"/>

错误 - 

org.mule.module.launcher.DeploymentStartException: MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
        at org.mule.module.launcher.application.DefaultMuleApplication.start(DefaultMuleApplication.java:178) ~[mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.artifact.ArtifactWrapper$4.execute(ArtifactWrapper.java:106) ~[mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.artifact.ArtifactWrapper.executeWithinArtifactClassLoader(ArtifactWrapper.java:137) ~[mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.artifact.ArtifactWrapper.start(ArtifactWrapper.java:101) ~[mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:73) ~[mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.DefaultArchiveDeployer.deployArtifact(DefaultArchiveDeployer.java:536) [mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.DefaultArchiveDeployer.deployArtifact(DefaultArchiveDeployer.java:333) [mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.DefaultArchiveDeployer.deployExplodedApp(DefaultArchiveDeployer.java:325) [mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.DefaultArchiveDeployer.deployExplodedArtifact(DefaultArchiveDeployer.java:100) [mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.DeploymentDirectoryWatcher.deployExplodedApps(DeploymentDirectoryWatcher.java:298) [mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.DeploymentDirectoryWatcher.start(DeploymentDirectoryWatcher.java:156) [mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.MuleDeploymentService.start(MuleDeploymentService.java:139) [mule-module-launcher-3.9.0.jar:3.9.0]
        at org.mule.module.launcher.MuleContainer.start(MuleContainer.java:172) [mule-module-launcher-3.9.0.jar:3.9.0]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
        at org.mule.module.reboot.MuleContainerWrapper.start(MuleContainerWrapper.java:52) [mule-module-reboot-3.9.0.jar:3.9.0]
        at org.tanukisoftware.wrapper.WrapperManager$12.run(WrapperManager.java:2788) [wrapper-3.2.3.jar:3.2.3]
Caused by: org.mule.retry.RetryPolicyExhaustedException: JMSWMQ0018: Failed to connect to queue manager 'XXXX' with connection mode 'Client' and host name 'null'.
        at org.mule.retry.policies.AbstractPolicyTemplate.execute(AbstractPolicyTemplate.java:111) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.transport.AbstractConnector.connect(AbstractConnector.java:1658) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.transport.jms.JmsConnector.connect(JmsConnector.java:483) ~[mule-transport-jms-3.9.0.jar:3.9.0]
        at org.mule.transport.AbstractConnector.start(AbstractConnector.java:449) ~[mule-core-3.9.0.jar:3.9.0]
        at sun.reflect.GeneratedMethodAccessor36.invoke(Unknown Source) ~[?:?]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
        at org.mule.lifecycle.phases.DefaultLifecyclePhase.applyLifecycle(DefaultLifecyclePhase.java:230) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.RegistryLifecycleCallback.doApplyLifecycle(RegistryLifecycleCallback.java:108) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.RegistryLifecycleCallback.onTransition(RegistryLifecycleCallback.java:78) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.AbstractLifecycleManager.invokePhase(AbstractLifecycleManager.java:146) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.RegistryLifecycleManager.fireLifecycle(RegistryLifecycleManager.java:134) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.registry.AbstractRegistryBroker.fireLifecycle(AbstractRegistryBroker.java:88) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.registry.MuleRegistryHelper.fireLifecycle(MuleRegistryHelper.java:141) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.MuleContextLifecycleManager$MuleContextLifecycleCallback.onTransition(MuleContextLifecycleManager.java:74) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.MuleContextLifecycleManager$MuleContextLifecycleCallback.onTransition(MuleContextLifecycleManager.java:70) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.AbstractLifecycleManager.invokePhase(AbstractLifecycleManager.java:146) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.lifecycle.MuleContextLifecycleManager.fireLifecycle(MuleContextLifecycleManager.java:62) ~[mule-core-3.9.0.jar:3.9.0]
        at org.mule.DefaultMuleContext.start(DefaultMuleContext.java:320) ~[mule-core-3.9.0.jar:3.9.0]

几个笔记 -

1)不知道为什么我会收到密码套件错误,因为我能够使用相同的密码从其他java程序成功连接到同一个MQ。

2)此外,我尝试按照MQ客户端跟踪器日志连接客户端[TransportType = 1],它尝试连接为Binding而不是客户端。

3)我正在使用OpenJDK-1.8,MQ-8.0.0.2服务器并尝试使用MQ-java客户端作为7.5.0.0

4)我已指定-Dcom.ibm.mq.cfg.useIBMCipherMappings=false

任何人都可以指导我在这里缺少的东西。

1 个答案:

答案 0 :(得分:2)

您可以忽略mqjbnd错误。 mqjbnd仅用于与同一服务器上的本地队列管理器的绑定模式连接。当您打开跟踪时,Java客户端将查找此文件以将有关它的信息记录到跟踪文件中。在客户端模式下,它不被使用,因此是无害的错误。

APAR IC89380描述了使用mqjbnd的原因:

| The native library 'mqjbnd' is used by the WebSphere MQ
| classes for Java and WebSphere MQ classes for JMS when
| creating a connection to the queue manager using a 'bindings'
| mode connection. A bindings mode connection is a connection
| which uses the system's memory to communicate with the queue
| manager, as opposed to a 'client' mode connection which uses
| a TCP/IP socket.

APAR IV66840,添加了使用非IBM JRE(即Oracle / OpenJDK)CipherSuite名称并添加useIBMCipherMappings设置的功能,直到7.5.0.5才会出现。因为您使用的是7.5.0.0,所以此设置无效。

在7.5.0.5之前,您将无法将任何CipherSuite与Oracle / OpenJDK JRE一起使用,除非它与IBM JRE具有相同的名称。 IBM MQ v8.0.0.3及更高版本队列管理器支持的所有TLSv1.2 CipherSpec都具有CipherSuite,其在Oracle JRE中以TLS为前缀,在IBM JRE中以SSL为前缀。在MQ v8.0.0.2中,队列管理器仍然允许在IBM和Oracle / OpenJDK JRE中具有CipherSuite名称TLS_RSA_WITH_RC4_128_SHA256的CipherSpec SSL_RSA_WITH_RC4_128_SHA,但由于在下一个维护级别中不推荐使用它不建议使用它。

解决方案,将您的IBM MQ jar文件升级到以下级别中的至少一个:

Version    Maintenance Level
v7.5       7.5.0.5
v8.0       8.0.0.2
v9.0LTS    9.0.0.0
v9.0CD     9.0.1

请注意,MQ v7.5将于2018年4月30日从IBM停止服务,因此建议使用v8.0或更高版本。

相关问题
最新问题