APAR status
Closed as program error.
Error description
When trying to start a channel using a TLS cipher running in an Oracle JRE the client certificate is not being sent, although client authentication is enabled. Error AMQ9637 (Channel is lacking a certificate) is logged in the queue manager error log.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users attempting a connection from a WebSphere MQ Classes for Java or JMS client to a queue manager secured with a TLS cipher, where the client is running in an Oracle JVM, and the queue manager's server-connection channel property SSLCAUTH is set to REQUIRED, meaning that client authentication is enabled for the handshake. For WebSphere MQ versions 7.5 and 7.1 this issue only affects TLS 1.2 ciphers. For IBM MQ version 8 this issue affects both TLS 1 and TLS 1.2 ciphers. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: The Oracle JVM did not create a default internal key manager object for TLS socket connections, meaning that the client's signed personal certificates were not available for client authentication during the handshake, causing the connection attempt to fail.
Problem conclusion
An internal key manager object is now created for Oracle TLS connections, so the client's signed personal certificates are available during the handshake and the connection attempt succeeds. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v7.1 7.1.0.8 v7.5 7.5.0.7 v8.0 8.0.0.5 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT10837
Reported component name
WMQ WINDOWS V7
Reported component ID
5724H7220
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-08-21
Closed date
2016-03-28
Last modified date
2016-03-28
APAR is sysrouted FROM one or more of the following:
IT10725
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ WINDOWS V7
Fixed component ID
5724H7220
Applicable component levels
R710 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDEZSF","label":"IBM WebSphere MQ Managed File Transfer for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 March 2023