Why does the IBM WebSphere MQ resource adapter (JCA) not recognize the sslFipsRequired configuration?
Issue
- WebSphere MQ Resource Adapter cannot communicate with the backend MQ connection over SSL using the following option:-
<config-property name="sslCipherSuite">SSL_RSA_WITH_3DES_EDE_CBC_SHA</config-property>
<config-property name="sslFipsRequired">true</config-property>
-
The connection fails when client tries to connect to backend MQ connection over SSL with resource adapter configured as follows and getting the following in the trace logs:-
- Configuration for
WebSphere MQ Resource Adapter: 7.0.1.0-k000-L090724 (wmq.jmsra.rar):-
<config-property name="channel" type="java.lang.String">xxxxxxxx</config-property> <config-property name="hostName" type="java.lang.String">xxxxxxxx</config-property> <config-property name="port" type="java.lang.String">xxxx</config-property> <config-property name="queueManager" type="java.lang.String">xxxxxxx</config-property> <config-property name="transportType" type="java.lang.String">CLIENT</config-property> <config-property name="sslCipherSuite">SSL_RSA_WITH_3DES_EDE_CBC_SHA</config-property> <config-property name="sslFipsRequired">true</config-property>- The cipherspec sent to host is TRIPLE_DES_SHA_US, and the connection fails with message:-
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'xxxxxxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'xxxx.xxxxx'. [3=xxxx.xxxxx]],3=xxxxxxx,5=RemoteConnection.analyseErrorSegment] - Configuration for
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 5.1.2
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
