IBM Support

IT00326: WMQ V7.X EXPLORER IS NOT ABLE TO CONFIGURE A CIPHER SPECIFICATION SUPPORTED BY GSKIT V8 FOR A V7.0.1 QUEUE MANAGER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • WebSphere MQ fix pack V7.0.1.4 and later code levels include
    Global Security Kit (GSKit) Version 8, in addition to GSKit
    Version 7 (which is installed by default).
    GSKit V8 is provided as an alternative security package to
    enable customers to configure stronger encryption settings
    (Cipher Specifications), for their channels, that were not
    supported at the GSKit V7 code level.
    However, even though the GSKit V8 packages have been installed
    and configured correctly, the WebSphere MQ Explorer at the
    V7.0.1.4 and later, V7.1.0.x, and V7.5.0.x code levels does not
    allow an MQ administrator to configure the GSKit V8 Cipher
    Specifications.
    

Local fix

  • Use the WebSphere MQ runmqsc command line utility to configure
    your channel with the GSKit V8 Cipher Specification
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This issue affects users of the 7.0.1, 7.1 or 7.5 WebSphere MQ
    Explorer who are connecting to a 7.0.1 queue manager which is
    configured to use GSKit 8, and wish to configure one of the
    following additional CipherSpecs provided by this GSKit level on
    a channel definition:
    
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_NULL_SHA256
    
    
    Platforms affected:
    Windows, Linux on x86, Linux on x86-64
    
    ****************************************************************
    PROBLEM SUMMARY:
    WebSphere MQ Explorer contains metadata which defines the set of
    valid property values for WebSphere MQ object definitions, based
    on the version of the queue manager that MQ Explorer is
    connecting to.
    
    The metadata defining set of valid CipherSpec values for channel
    definitions was extended in 7.0.1.4 to include the following
    addtional CipherSpecs on Windows and Unix queue managers:
    
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_NULL_SHA256
    
    Subsequently, IC88494 added additional metadata to allow a
    7.0.1.10 or higher MQ Explorer to configure additional
    CipherSpecs on a channel definition when connected to 7.1 or
    higher queue managers. This change incorrectly caused Explorer
    to fail to show the three CipherSpecs listed above in the list
    of available CipherSpecs for a channel definition when connected
    to a 7.0.1 queue manager.
    

Problem conclusion

  • The WebSphere MQ Explorer has been updated to allow the
    configuration of the following CipherSpecs on a channel
    definition when connected to a version 7.0.1 queue manager:
    
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_NULL_SHA256
    
    These CipherSpecs require GSKit 8 to be configured on the queue
    manager. Attempting to set these CipherSpecs for a channel
    definition on a version 7.0.1 queue manager which is using GSKit
    7 will cause MQ Explorer to display an AMQ4126 error.
    
    It should be noted that WebSphere MQ Explorer version 7.0.1 does
    not support the use of these three CipherSpecs for its
    communications with the queue manager over a ServerConnection
    channel.
    
    | MDVREGR 7.0.1-WS-MQ-AixPPC64-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-HpuxIA64-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-HpuxPaRISC64-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-LinuxIA32-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-LinuxPPC64-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-LinuxS390X-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-LinuxX64-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-SolarisSparc64-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-SolarisX64-FP0010 |
    | MDVREGR 7.0.1-WS-MQ-Windows-FP0010 |
    
    | MDVREGR 7.0.1-WS-MQ-AixPPC64-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-HpuxIA64-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-HpuxPaRISC64-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-LinuxIA32-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-LinuxPPC64-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-LinuxS390X-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-LinuxX64-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-SolarisSparc64-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-SolarisX64-FP0011 |
    | MDVREGR 7.0.1-WS-MQ-Windows-FP0011 |
    
    | MDVREGR 7.0.1-WS-MQ-AixPPC64-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-HpuxIA64-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-HpuxPaRISC64-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-LinuxIA32-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-LinuxPPC64-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-LinuxS390X-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-LinuxX64-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-SolarisSparc64-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-SolarisX64-FP0012 |
    | MDVREGR 7.0.1-WS-MQ-Windows-FP0012 |
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v7.0       7.0.1.13
    v7.1       7.1.0.6
    v7.5       7.5.0.4
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT00326

  • Reported component name

    WMQ WINDOWS V7

  • Reported component ID

    5724H7220

  • Reported release

    701

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-03-14

  • Closed date

    2014-03-28

  • Last modified date

    2014-05-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ WINDOWS V7

  • Fixed component ID

    5724H7220

Applicable component levels

  • R701 PSY

       UP

[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSFKSJ","label":"WebSphere MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1"}]

Document Information

Modified date:
25 September 2021