IBM Support

Error AMQ9620 using SSL/TLS on Linux POWER Little Endian systems in FIPS mode

Troubleshooting


Problem

When running IBM MQ on Linux POWER Little Endian systems, an SSL or TLS channel fails to start with error AMQ9620 when MQ is configured to enforce FIPS 140-2 compliant operation. Client applications fail to connect with error 2393 (MQRC_SSL_INITIALIZATION_ERROR) in addition to error AMQ9620. The error message shows that error code 207 was returned by the gsk_environment_init function call.

Symptom

An error similar to the following appears in the MQ error log:


AMQ9620: Internal error on call to SSL function on channel 'CHANNEL' to
host 'hostname (192.168.1.4)(1414)'.

EXPLANATION:
An error indicating a software problem was returned from a function which is
used to provide SSL or TLS support. The error code returned was '207'. The
function call was 'gsk_environment_init'. 

The channel is 'CHANNEL'; in some cases its name cannot be determined
and so is shown as '????'. The channel did not start. 

The remote host name is 'hostname (192.168.1.4)(1414)'.
ACTION:
Collect the items listed in the 'Problem determination' section of the System
Administration manual and use either the MQ Support site:
http://www.ibm.com/software/integration/wmq/support/, or IBM Support Assistant
(ISA): http://www.ibm.com/software/support/isa/, to see whether a solution is
already available.  If you are unable to find a match, contact your IBM support
center.

Cause

There is a known issue on the Linux POWER Little Endian platform which prevents FIPS 140-2 compliant operation in queue managers and MQI clients.

Resolving The Problem

This issue is addressed by the level of GSKit supplied with MQ 8.0.0.4 and later fix packs.

If running a release of MQ version 8 earlier than fix pack 4, do not enable FIPS 140-2 compliance on the Linux POWER Little Endian platform.

Related Information

[{"Product":{"code":"SSFKSJ","label":"WebSphere MQ"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"SSL","Platform":[{"code":"PF016","label":"Linux"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21695457