IC76541: WMQ EXPLORER WITH WMQFTE PLUGIN ENABLED CONNECTING TO REMOTE SERVER VIA SSL WITH FIPS REQUIRED GETS MQRC = 2393

WebSphere MQ File Transfer Edition V7.0 Fix Pack 7.0.4.1

APAR status

• Closed as program error.

Error description

• A WebSphere MQ Explorer is not able to connect to a remote
  queue manager via a channel using SSL with Federal Information
  Processing Standards (FIPS) required set to YES, if the
  WebSphere MQ File Transfer Edition (WMQFTE) v7 plugin is
  enabled in WMQ Explorer. The connection is rejected with
  MQRC 2393 = MQRC_SSL_INITIALIZATION_ERROR.
  
  The same set up works fine with SSL if FIPS required is set to
  NO.
  The same set up works fine with SSL if FIPS required is set to
  YES and the WMQ FTE plugin is not enabled in WMQ Explorer.
  

Local fix

Problem summary

• This problem occurs because the IBM WebSphere MQ File Transfer
  Edition MQ Explorer plugin is hardcoded to connect without using
  FIPS. Because of this a JVM property is set within the MQ client
  which prevents all future connections from using FIPS. This
  later prevents Explorer from making its own FIPS connections.
  
  USERS AFFECTED:
  All users using the MQ Explorer to connect to queue managers
  using a FIPS connection
  
  PLATFORMS AFFECTED:
  All
  

Problem conclusion

• The code has been altered to attempt to connect in FIPS mode if
  the Explorer which the plugin resides in has been set to use
  FIPS. This prevents the FTE plugin from preventing the Explorer
  connecting to other queue managers via FIPS within the same JVM.
  
  This APAR does NOT introduce support for FIPS to WebSphere MQ
  File Transfer Edition.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WMQ FILE TRANSF

• Fixed component ID

  5724R1000

Applicable component levels

• R702 PSY

     UP

• R703 PSY

     UP

• R704 PSY

     UP