Why does the IBM WebSphere MQ resource adapter (JCA) not recognize the sslFipsRequired configuration?
Issue
- WebSphere MQ Resource Adapter cannot communicate with the backend MQ connection over SSL using the following option:-
<config-property name="sslCipherSuite">SSL_RSA_WITH_3DES_EDE_CBC_SHA</config-property>
<config-property name="sslFipsRequired">true</config-property>
-
The connection fails when client tries to connect to backend MQ connection over SSL with resource adapter configured as follows and getting the following in the trace logs:-
- Configuration for
WebSphere MQ Resource Adapter: 7.0.1.0-k000-L090724 (wmq.jmsra.rar):-
<config-property name="channel" type="java.lang.String">xxxxxxxx</config-property> <config-property name="hostName" type="java.lang.String">xxxxxxxx</config-property> <config-property name="port" type="java.lang.String">xxxx</config-property> <config-property name="queueManager" type="java.lang.String">xxxxxxx</config-property> <config-property name="transportType" type="java.lang.String">CLIENT</config-property> <config-property name="sslCipherSuite">SSL_RSA_WITH_3DES_EDE_CBC_SHA</config-property> <config-property name="sslFipsRequired">true</config-property>- The cipherspec sent to host is TRIPLE_DES_SHA_US, and the connection fails with message:-
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host 'xxxxxxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'xxxx.xxxxx'. [3=xxxx.xxxxx]],3=xxxxxxx,5=RemoteConnection.analyseErrorSegment] - Configuration for
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 5.1.2
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
