Channel SSL Error
|Event name:||Channel SSL Error.|
|Reason code in MQCFH:||
MQRC_CHANNEL_SSL_ERROR (2371, X'943').
Channel SSL Error.
|Event description:||This condition is detected when a channel using Transport Layer Security (TLS) fails to establish a connection. ReasonQualifier identifies the nature of the error.|
Description: Name of the queue manager generating the event. Identifier: MQCA_Q_MGR_NAME. Data type: MQCFST. Maximum length: MQ_Q_MGR_NAME_LENGTH. Returned: Always.
Description: Identifier that qualifies the reason code. Identifier: MQIACF_REASON_QUALIFIER. Data type: MQCFIN. Values:
- The key exchange / authentication failure arose during the TLS handshake.
- This error can mean any one of the following:
- The TLS client CipherSpec does not match that on the TLS server channel definition.
- An invalid CipherSpec has been specified.
- A CipherSpec has only been specified on one end of the TLS channel.
- The Distinguished Name in the certificate sent by one end of the TLS channel does not match the peer name on the end of the channel definition at the other end of the TLS channel.
- The TLS server channel definition specified either SSLCAUTH(REQUIRED) or a SSLPEER value that was not blank, but the TLS client did not provide a certificate.
Description: Channel Name. Identifier: MQCACH_CHANNEL_NAME. Data type: MQCFST. Maximum length: MQ_CHANNEL_NAME_LENGTH. Returned: The
ChannelNamemight not be available if the channel has not yet got far enough through its start-up process, in this case the channel name will not be returned. Otherwise always.
Description: Transmission queue name. Identifier: MQCACH_XMIT_Q_NAME. Data type: MQCFST. Returned: For sender, server, cluster-sender and cluster-receiver channels only.
Description: If the channel has successfully established a TCP connection, this is the Internet address. Otherwise it is the contents of the ConnectionName field in the channel definition. Identifier: MQCACH_CONNECTION_NAME. Data type: MQCFST. Maximum length: MQ_CONN_NAME_LENGTH. Returned: The
ConnectionNamemight not be available if the channel has not yet got far enough through its start-up process, in this case the connection name will not be returned. Otherwise always.
Description: Information about the TLS function call giving the error. For z/OS®, details of function names can be found in the System Secure Sockets Layer Programming Guide and Reference SC24-5877. Identifier: MQCACH_SSL_HANDSHAKE_STAGE. Data type: MQCFST. Maximum length: MQ_SSL_HANDSHAKE_STAGE_LENGTH. Returned: This field is only present if ReasonQualifier is set to MQRQ_SSL_HANDSHAKE_ERROR.
Description: A numeric return code from a failing TLS call.Details of TLS Return Codes for specific platforms can be found as follows:
- For z/OS, see Transport Layer Security (TLS) return codes for z/OS.
- For Multiplatforms, see Transport Layer Security (TLS) return codes.
Identifier: MQIACH_SSL_RETURN_CODE. Data type: MQCFIN. Returned: This field is only present if ReasonQualifier is set to MQRQ_SSL_HANDSHAKE_ERROR.
Description: The Distinguished Name in the certificate sent from the remote system. Identifier: MQCACH_SSL_PEER_NAME. Data type: MQCFST. Maximum length: MQ_DISTINGUISHED_NAME_LENGTH. Returned: This field is only present if ReasonQualifier is set to MQRQ_SSL_PEER_NAME_ERROR and is not always present for this reason qualifier.