APAR status
Closed as program error.
Error description
Using the IBM classes for Java or the IBM classes for JMS to make a secure connection to a queue manager, using an Oracle JRE, the Cipher Suite "TLS_RSA_WITH_AES_128_CBC_SHA256", com.ibm.mq.cfg.useIBMCipherMappings=false, and client authentication set to "Optional" on the channel definition the following NullPoinerException is seen: java.lang.NullPointerException at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.getNonFipsSocket Factory(RemoteTCPConnection.java:2394) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.chooseSocketFact ory(RemoteTCPConnection.java:2246) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure (RemoteTCPConnection.java:1966) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLoc alAddress(RemoteTCPConnection.java:865) at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect( RemoteTCPConnection.java:1281) at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConne ction.java:863) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSes sionFromNewConnection(RemoteConnectionSpecification.java:409) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSes sion(RemoteConnectionSpecification.java:305) at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(Remo teConnectionPool.java:146) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java: 1730) at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java: 1294) at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJ mqiImpl.java:376) at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560) at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:916) at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11. java:235) at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedCon nection(MQClientManagedConnectionFactoryJ11.java:450) at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConn ection(MQClientManagedConnectionFactoryJ11.java:487) at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnectio n.java:97) at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimple ConnectionManager.java:194) at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueu eManagerFactory.java:868) at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.j ava:816) at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueMa nagerFactory.java:758) at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManag erFactory.java:200) at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:761)
Local fix
Configure a dummy value for both the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword Java system properties.
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of - the IBM classes for Java - the IBM classes for JMS who use - an Oracle JRE - and are making secure connections to the queue manager - and who do not wish to use client authentication, and so do not set the javax.net.ssl.keyStore or javax.net.ssl.keyStorePassword system properties Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: When getting the SSLSocketFactory used to create a secured connection to a queue manager, an attempt was made by the IBM classes for Java and IBM classes for JMS to load a Java keystore based on the values set for the system properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword. This was done regardless of whether or not client authentication was requested. If client authentication was not requested, and so the system property javax.net.ssl.keyStorePassword which specifies the password for the key store had not been set, then the IBM classes for Java or IBM classes for JMS attempted to convert the null KeyStorePassword to an array as part of the internal processing that sets up the SSLSocketFactory. This resulted in a NullPointerException being throw.
Problem conclusion
A check has been added which ensures that if the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword properties have not been set then there is no attempt to load the Java key store, and therefore no attempt to perform an operation on a null variable. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.0 CD 9.0.2 v9.0 LTS 9.0.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT15874
Reported component name
IBM MQ BASE M/P
Reported component ID
5724H7261
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-06-27
Closed date
2017-01-16
Last modified date
2017-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM MQ BASE M/P
Fixed component ID
5724H7261
Applicable component levels
R900 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 June 2017