MQ SSL error, protocol disabled, or encrypted suites are inappropriate
I have an MQ spring jms application that works fine using an SSL channel. However, after a recent Java security patch that was applied, the application stopped working with the error below.
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:209) ~[com.ibm.mqjms-7.5.0.0.jar:7.5.0.0 - p000-L120604]
... 45 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:438) ~[na:1.6.0_34]
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1414) ~[na:1.6.0_34]
I noticed that a new java security file has added this line which causes this error when connecting SSL to MQ.
jdk.tls.disabledAlgorithms = SSLv3
I cannot remove this line as this is a common environment, what are my options to make this work. I am using MQQueueConnectionFactory configured and injected into my spring JMS components.
thank
source to share
To support reactive support, when you should get this working (ASAP), comment / disable this policy in this security file. This will allow the Spring application to continue as before.
But you need to work with a permanent fix, either with the TLS version of the same cipher, or to migrate to a new TLS cipher.
source to share
You need to map SipherSpecs suitable for TLS both on the server connection channel in the queue manager and on your client.
This should help the client side:
http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113220_.htm
Whereas the QM side is easiest to use with MQ Explorer and just looks at the SSL properties of the server connection channel specified in the factory connection.
source to share