Topic
  • No replies
SureshTelagareddi
SureshTelagareddi
1 Post

Pinned topic MQ 5.7 & IBM jre8 , equivalant cipher suite for cipher spec "TRIPLE_DES_SHA_US"

‏2017-03-29T07:06:21Z |

Hi All ,

 

I m trying to connect MQ7.5 using IBM JRE-8  over SSL . In MQ system they configured "TRIPLE_DES_SHA_US" and we are using "SSL_RSA_WITH_3DES_EDE_CBC_SHA" cipher suite in my java program to connect MQ. 

But it is giving below given error.

 

MQJE001: An MQException occurred: Completion Code 2, Reason 2009
MQJE016: MQ queue manager closed channel immediately during connect
Closure reason = 2009

Steps i have followed 

1. Certificated imported to truststore 

2. executed java program with actual channel details of MQ.

 

Certificate Import to truststore:

/opt/ibm/java-i386-80/jre/bin/keytool -import -alias jre_cert -file qms1.arm -keystore /opt/ibm/java-i386-80/jre/lib/security/cacerts

Enter keystore password:
Owner: CN="XXX, O=XXX, OU=XXX, C=IN"
Issuer: CN="XXX, O=XXX, OU=XXX, C=IN"
Serial number: 115d214a64b03f04
Valid from: 1/17/17 12:36 PM until: 1/13/18 12:36 PM
Certificate fingerprints:
         MD5:  1B:F1:6D:D1:88:5B:69:C0:B1:21:07:9C:FA:89:EC:2C
         SHA1: 77:DE:4A:66:72:77:34:CC:67:D1:3B:46:D5:1D:E3:B0:20:70:0E:5B
         SHA256: DE:F6:1C:96:4A:DE:9F:0C:AF:BF:73:52:1F:23:1A:49:E1:84:AE:3D:FD:97:0D:CF:FF:F3:C3:C7:D4:C0:9B:2E
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

 

Sample Program we are using .

import com.ibm.mq.MQEnvironment;

import com.ibm.mq.MQQueueManager;
import com.ibm.mq.MQC;
import javax.net.ssl.SSLContext;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Collection;

/**
 *
 * @author Suresh
 */
public class MQTest {

    private static MQQueueManager _queueManager = null;

    public static void main(String[] args) throws Exception {

        MQEnvironment.hostname = "XX.XX.XX.XX";
        MQEnvironment.channel = "CHANNEL.SVRCONN"; // With  SSL
        MQEnvironment.port = XXXX;
        
        System.setProperty("javax.net.debug", "ssl");
        String cacerts="/opt/jdk1.8.0_121/jre/lib/security/cacerts";
        System.setProperty("javax.net.ssl.trustStore", cacerts);
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        MQEnvironment.sslCipherSuite = args[0];
        System.out.println("\t using ssl Cipher suite       :: " + MQEnvironment.sslCipherSuite);
        System.out.println("\t MQEnvironment.version_notice :: " + MQEnvironment.version_notice);
        MQEnvironment.properties.put(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES);
        
        MQEnvironment.sslFipsRequired=false;
        _queueManager = new MQQueueManager("QUEUE_NAME");
        System.out.println("\t _queueManager                        : " + _queueManager);
    }
}

 

Debug Log : 

 

/opt/ibm/java-i386-80/jre/bin/java -Dcom.ibm.jsse2.disableSSLv3=false   -jar MQ_Testing.jar TLS_RSA_WITH_3DES_EDE_CBC_SHA
         using ssl Cipher suite       :: TLS_RSA_WITH_3DES_EDE_CBC_SHA
         MQEnvironment.version_notice :: Websphere MQ classes for Java V6.0.0
IBMJSSE2 will allow protocol SSLv3 per com.ibm.jsse2.disableSSLv3 set to FALSE
IBMJSSEProvider2 Build-Level: -20160616
Installed Providers =
        IBMJSSE2
        IBMJCE
        IBMJGSSProvider
        IBMCertPath
        IBMSASL
        IBMXMLCRYPTO
        IBMXMLEnc
        IBMSPNEGO
        SUN
jdk.tls.client.protocols is defined as null
SUPPORTED: [SSLv3, TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [SSLv3, TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [SSLv3, TLSv1, TLSv1.1, TLSv1.2]
keyStore is: /opt/ibm/java-i386-80/jre/lib/security/cacerts
keyStore type is: jks
keyStore provider is:
init keystore
init keymanager of type IbmX509
trustStore is: /opt/jdk1.8.0_121/jre/lib/security/cacerts
trustStore type is: jks
trustStore provider is:
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Mon Jun 21 09:30:00 IST 1999 until Mon Jun 22 09:30:00 IST 2020

adding as trusted cert:
  Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
  Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b
  Valid from Mon Nov 05 05:30:00 IST 2007 until Tue Jan 19 05:29:59 IST 2038

------
------
-------
our certificate info
---
-----
------
adding as trusted cert:
  Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer:  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5
  Valid from Thu Aug 01 17:30:00 IST 2013 until Fri Jan 15 17:30:00 IST 2038

SSLContextImpl:  Using X509ExtendedKeyManager com.ibm.jsse2.aw
SSLContextImpl:  Using X509TrustManager com.ibm.jsse2.aA
JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.8
trigger seeding of SecureRandom
done seeding SecureRandom
IBMJSSE2 will enable CBC protection
JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.8
JsseJCE:  Using KeyAgreement ECDH from provider IBMJCE version 1.8
JsseJCE:  Using signature SHA1withECDSA from provider TBD via init
JsseJCE:  Using signature NONEwithECDSA from provider TBD via init
JsseJCE:  Using KeyFactory EC from provider IBMJCE version 1.8
JsseJCE:  Using KeyPairGenerator EC from provider TBD via init
JsseJce:  EC is available
IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default
IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default

Is initial handshake: true
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1473994730 bytes = { 238, 137, 89, 128, 139, 82, 93, 119, 12, 104, 3, 150, 104, 218, 146, 252, 106, 230, 104, 227, 220, 195, 133, 177, 224, 70, 52, 127 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension renegotiation_info, ri_length: 0, ri_connection_data: { null }
***
main, WRITE: TLSv1 Handshake, length = 52
main, READ: TLSv1 Handshake, length = 856
*** ServerHello, TLSv1
RandomCookie:  GMT: 0 bytes = { 236, 88, 151, 94, 111, 9, 167, 185, 94, 81, 181, 148, 189, 136, 212, 113, 209, 109, 13, 193, 221, 127, 237, 75, 111, 58, 203, 130 }
Session ID:  {75, 215, 26, 41, 91, 78, 235, 37, 238, 153, 145, 133, 191, 24, 212, 43, 48, 183, 29, 255, 224, 52, 234, 162, 108, 152, 170, 224, 17, 94, 63, 154}
Cipher Suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, ri_length: 0, ri_connection_data: { null }
***
JsseJCE:  Using MessageDigest MD5 from provider IBMJCE version 1.8
JsseJCE:  Using MessageDigest SHA from provider IBMJCE version 1.8
%% Initialized:  [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN="XXX, O=XXX, OU=VIL, C=IN"
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  IBMJCE RSA Public Key:
modulus:
29520274597059884884525162797844309564564740860314317076363623205590330620665285960098203994430649948452267736624734060083888254808645851791784899893187301774015459836549786877052861001494184226379092315448710377951407842057987341460256107051853392995727416012224181106667030239052484951915573460835538842193183692008554795370126435248099845779739150211076745709763656203626931710137691863377966754291466123511621939080200053832041159491199213401094161487450139611524627709969107242299349846233668554767700637296506799788156861380576834589242935902127652273390577803901208287815787363344752279450721968318806451327069
public exponent:
65537

  Validity: [From: Tue Jan 17 12:36:21 IST 2017,
               To: Sat Jan 13 12:36:21 IST 2018]
  Issuer: CN="XXX, O=XXX, OU=VIL, C=IN"
  SerialNumber: [1251192874879434500]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 9c 7c 69 77 7b 26 59 e0  d3 10 0c d8 ae 10 b8 29  ..iw..Y.........
0010: 3d a8 3e 63 e5 e0 49 aa  73 71 14 68 a1 5e a8 c3  ...c..I.sq.h....
0020: 8e 55 ca f2 2f b2 21 00  c9 ac 6f 6e 9a 36 6a 39  .U........on.6j9
0030: 51 68 62 e5 23 e6 49 4a  8f d0 f5 25 16 a0 37 d5  Qhb...IJ......7.
0040: a4 99 ed c4 84 73 61 23  88 76 e7 d4 8e 1b d9 f0  .....sa..v......
0050: dd b8 e1 8f 21 c3 92 d7  8f b0 3c cc 42 98 17 50  ............B..P
0060: db 09 27 f9 1f 8b c1 29  68 e4 66 00 e2 9e b2 d3  ........h.f.....
0070: bd 98 8e 95 00 80 eb d1  3b cf 24 1a 86 ad 35 67  ..............5g
0080: 59 3a 3f e0 20 e7 f0 94  c6 4a 0c 5c 1a de 2b 22  Y........J......
0090: 6f 1c cb 23 08 55 1c 61  72 29 14 d8 7c 7b bf 31  o....U.ar......1
00a0: 0d d3 0a 38 e1 98 af 65  e5 7d 0f 9c d5 a5 3f 00  ...8...e........
00b0: f4 b1 dd 89 89 9b 57 42  46 80 a5 7e 30 62 bd cf  ......WBF...0b..
00c0: d5 4b d1 33 df 10 55 ac  3a 46 6e d0 e6 df 7c 35  .K.3..U..Fn....5
00d0: b1 c2 81 ef d0 7b 6d f3  cc ff d1 ea 40 9f 6e 6c  ......m.......nl
00e0: 5d c6 8f 45 2a dd 7a 9d  47 de b4 6c 33 0d cf 51  ...E..z.G..l3..Q
00f0: ad 68 54 aa 35 77 39 ed  4b 90 6e ee 46 f3 e0 81  .hT.5w9.K.n.F...

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN="XXX, O=XXX, OU=VIL, C=IN"
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  IBMJCE RSA Public Key:
modulus:
29520274597059884884525162797844309564564740860314317076363623205590330620665285960098203994430649948452267736624734060083888254808645851791784899893187301774015459836549786877052861001494184226379092315448710377951407842057987341460256107051853392995727416012224181106667030239052484951915573460835538842193183692008554795370126435248099845779739150211076745709763656203626931710137691863377966754291466123511621939080200053832041159491199213401094161487450139611524627709969107242299349846233668554767700637296506799788156861380576834589242935902127652273390577803901208287815787363344752279450721968318806451327069
public exponent:
65537

  Validity: [From: Tue Jan 17 12:36:21 IST 2017,
               To: Sat Jan 13 12:36:21 IST 2018]
  Issuer: CN="XXX, O=XXX, OU=VIL, C=IN"
  SerialNumber: [1251192874879434500]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 9c 7c 69 77 7b 26 59 e0  d3 10 0c d8 ae 10 b8 29  ..iw..Y.........
0010: 3d a8 3e 63 e5 e0 49 aa  73 71 14 68 a1 5e a8 c3  ...c..I.sq.h....
0020: 8e 55 ca f2 2f b2 21 00  c9 ac 6f 6e 9a 36 6a 39  .U........on.6j9
0030: 51 68 62 e5 23 e6 49 4a  8f d0 f5 25 16 a0 37 d5  Qhb...IJ......7.
0040: a4 99 ed c4 84 73 61 23  88 76 e7 d4 8e 1b d9 f0  .....sa..v......
0050: dd b8 e1 8f 21 c3 92 d7  8f b0 3c cc 42 98 17 50  ............B..P
0060: db 09 27 f9 1f 8b c1 29  68 e4 66 00 e2 9e b2 d3  ........h.f.....
0070: bd 98 8e 95 00 80 eb d1  3b cf 24 1a 86 ad 35 67  ..............5g
0080: 59 3a 3f e0 20 e7 f0 94  c6 4a 0c 5c 1a de 2b 22  Y........J......
0090: 6f 1c cb 23 08 55 1c 61  72 29 14 d8 7c 7b bf 31  o....U.ar......1
00a0: 0d d3 0a 38 e1 98 af 65  e5 7d 0f 9c d5 a5 3f 00  ...8...e........
00b0: f4 b1 dd 89 89 9b 57 42  46 80 a5 7e 30 62 bd cf  ......WBF...0b..
00c0: d5 4b d1 33 df 10 55 ac  3a 46 6e d0 e6 df 7c 35  .K.3..U..Fn....5
00d0: b1 c2 81 ef d0 7b 6d f3  cc ff d1 ea 40 9f 6e 6c  ......m.......nl
00e0: 5d c6 8f 45 2a dd 7a 9d  47 de b4 6c 33 0d cf 51  ...E..z.G..l3..Q
00f0: ad 68 54 aa 35 77 39 ed  4b 90 6e ee 46 f3 e0 81  .hT.5w9.K.n.F...

]
*** CertificateRequest
Cert Types: RSA
Cert Authorities:
<CN="XXX, O=XXX, OU=VIL, C=IN">
*** ServerHelloDone
ClientHandshaker: KeyManager com.ibm.jsse2.aw
*** Certificate chain
***
JsseJCE:  Using KeyGenerator IbmTlsRsaPremasterSecret from provider TBD via init
JsseJCE:  Using cipher RSA/SSL/PKCS1Padding from provider TBD via init
PreMasterSecret:  Using cipher for wrap RSA/SSL/PKCS1Padding from provider from init IBMJCE version 1.8
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 269
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 ca e5 e2 4f f5 ba  fc e5 ef e7 f0 ce 11 41  .....O.........A
0010: 1c 4f 8e b0 8b b0 1e 0f  25 96 85 a4 18 64 f4 22  .O...........d..
0020: ba 99 3c b2 08 64 b0 c0  0a 72 09 23 fe e8 67 48  .....d...r....gH

javax.crypto.spec.SecretKeySpec@13e668a
JsseJCE: Choose KeyGenerator for IbmTlsMasterSecret.
JsseJCE:  Using KeyGenerator IbmTlsMasterSecret from provider TBD via init
JsseJCE:  Using KeyGenerator IbmTlsKeyMaterial from provider TBD via init
CONNECTION KEYGEN:
Client Nonce:
0000: 58 db 60 ea ee 89 59 80  8b 52 5d 77 0c 68 03 96  X.....Y..R.w.h..
0010: 68 da 92 fc 6a e6 68 e3  dc c3 85 b1 e0 46 34 7f  h...j.h......F4.

Server Nonce:
0000: 00 00 00 00 ec 58 97 5e  6f 09 a7 b9 5e 51 b5 94  .....X..o....Q..
0010: bd 88 d4 71 d1 6d 0d c1  dd 7f ed 4b 6f 3a cb 82  ...q.m.....Ko...

Master Secret:
0000: 0a ca f1 d7 05 94 2e 07  1d 2a 27 bb e9 6a a2 dd  .............j..
0010: a1 70 32 ee 4c da 20 df  c2 95 aa bd 2c e9 cd 02  .p2.L...........
0020: 6b c7 17 9d bc 02 1f 22  31 a7 9b 78 ce 42 5b cf  k.......1..x.B..

Client MAC write Secret:
0000: 5f 22 6c 73 aa 0c 89 b5  8c 55 f4 c2 2c 67 6a 83  ..ls.....U...gj.
0010: 56 c4 00 c6                                        V...

Server MAC write Secret:
0000: 3e d4 16 07 87 f4 75 73  bc 76 6a 78 2c 3e b5 3a  ......us.vjx....
0010: 4e 45 ad e9                                        NE..

Client write key:
0000: cd d0 2d 55 ca a3 62 92  78 13 a4 2d 9c 3a 79 a9  ...U..b.x.....y.
0010: 5b 3f 03 97 06 33 3d ff                           .....3..

Server write key:
0000: e1 e8 89 c1 85 f5 09 32  25 75 19 dd 62 7a b2 c9  .......2.u..bz..
0010: 7f 63 ab 28 2d 6d 5d 45                           .c...m.E

Client write IV:
0000: db 7f 8f 71 11 c5 1e b3                           ...q....

Server write IV:
0000: 9c 74 e2 ae d6 62 56 3f                           .t...bV.

JsseJCE:  Using KeyGenerator IbmTlsPrf from provider TBD via init
HandshakeMessage:  TLS Keygenerator IbmTlsPrf  from provider from init IBMJCE version 1.8
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE:  Using cipher DESede/CBC/NoPadding from provider TBD via init
CipherBox:  Using cipher DESede/CBC/NoPadding from provider from init IBMJCE version 1.8
JsseJCE:  Using MAC HmacSHA1 from provider TBD via init
MAC:  Using MessageDigest HmacSHA1 from provider IBMJCE version 1.8
*** Finished
verify_data:  { 194, 19, 125, 188, 103, 19, 170, 48, 12, 172, 132, 24 }
***
main, WRITE: TLSv1 Handshake, length = 40
main, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE:  Using cipher DESede/CBC/NoPadding from provider TBD via init
CipherBox:  Using cipher DESede/CBC/NoPadding from provider from init IBMJCE version 1.8
JsseJCE:  Using MAC HmacSHA1 from provider TBD via init
MAC:  Using MessageDigest HmacSHA1 from provider IBMJCE version 1.8
main, READ: TLSv1 Handshake, length = 40
*** Finished
verify_data:  { 0, 3, 116, 83, 135, 81, 160, 25, 151, 242, 17, 213 }
***
JsseJCE:  Using KeyGenerator IbmTlsPrf from provider TBD via init
HandshakeMessage:  TLS Keygenerator IbmTlsPrf  from provider from init IBMJCE version 1.8
%% Cached client session: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
main, setSoTimeout(120000) called
main, WRITE: TLSv1 Application Data, length = 184
main, READ: TLSv1 Application Data, length = 64
main, WRITE: TLSv1 Application Data, length = 24
main, WRITE: TLSv1 Application Data, length = 48
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 24
main, called closeSocket(true)
MQJE001: An MQException occurred: Completion Code 2, Reason 2009
MQJE016: MQ queue manager closed channel immediately during connect
Closure reason = 2009
MQJE001: An MQException occurred: Completion Code 2, Reason 2009
MQJE016: MQ queue manager closed channel immediately during connect
Closure reason = 2009
Exception in thread "main" com.ibm.mq.MQException: MQJE001: An MQException occurred: Completion Code 2, Reason 2009
MQJE016: MQ queue manager closed channel immediately during connect
Closure reason = 2009
        at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:212)
        at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:318)
        at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:338)
        at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:84)
        at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:168)
        at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:772)
        at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:697)
        at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:657)
        at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:153)
        at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:451)
        at com.apalya.main.MQTest.main(MQTest.java:129)
Caused by: com.ibm.mqservices.MQInternalException: MQJE001: An MQException occurred: Completion Code 2, Reason 2009
MQJE016: MQ queue manager closed channel immediately during connect
Closure reason = 2009
        at com.ibm.mq.MQv6InternalCommunications.checkControlFlags(MQv6InternalCommunications.java:740)
        at com.ibm.mq.MQv6InternalCommunications.establishChannel(MQv6InternalCommunications.java:656)
        at com.ibm.mq.MQv6InternalCommunications.initialize(MQv6InternalCommunications.java:206)
        at com.ibm.mq.MQv6InternalCommunications.<init>(MQv6InternalCommunications.java:102)
        at com.ibm.mq.MQSESSIONClient.MQCONNX(MQSESSIONClient.java:1337)
        at com.ibm.mq.MQSESSIONClient.MQCONN(MQSESSIONClient.java:1246)
        at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:184)
        ... 10 more

 

 

 

Can anyone please help/suggest on this

 

 

 

 

Updated on 2017-03-29T07:30:12Z at 2017-03-29T07:30:12Z by SureshTelagareddi