APAR status
Closed as program error.
Error description
MQ v5.3.1.10 and higher on HP-NSS (HP Non-Stop) have added support for TLS 1.2 cipherspecs for queue managers, but MQ Explorer does not show these as options or allow setting them on the channel cipherspec setting.
Local fix
Use runmqsc command to alter channels to set TLS 1.2 cipherspecs for HP-NSS queue managers upgraded to 5.3.1.10 or higher.
Problem summary
**************************************************************** USERS AFFECTED: All users of the IBM MQ Explorer attempting to connect to a 5.3.1.10 queue manager on HP-NSS. Platforms affected: Windows, Linux on zSeries, Linux on x86-64, Linux on x86, Linux on Power **************************************************************** PROBLEM DESCRIPTION: IBM WebSphere MQ for HP NonStop Server 5.3.1.10 added support for the following cipherspecs: DES_SHA_EXPORT1024 RC4_56_SHA_EXPORT1024 TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_NULL_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 ECDHE_ECDSA_AES_128_CBC_SHA256 ECDHE_ECDSA_AES_256_CBC_SHA384 ECDHE_RSA_AES_128_CBC_SHA256 ECDHE_RSA_AES_256_CBC_SHA384 ECDHE_ECDSA_AES_128_GCM_SHA256 ECDHE_ECDSA_AES_256_GCM_SHA384 ECDHE_RSA_AES_128_GCM_SHA256 ECDHE_RSA_AES_256_GCM_SHA384 However the MQ configuration was not modified to understand that these cipherspecs are now available when connected to an HP-NSS queue manager, and so these options were not available when attempting to select a cipherspec for a queue manager or channel.
Problem conclusion
The IBM MQ Explorer configuration has been modified so that the cipherspecs above are now available for selection when connected to a queue manager running on the HP-NSS platform. The IBM MQ Explorer cannot differentiate between a queue manager at 5.3.1.10 and earlier 5.3 versions, therefore these options will be available even where 5.3.1.10 has not been applied. If an attempt is made to select a cipherspec not valid on that release error AMQ4635 will be thrown. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v8.0 8.0.0.6 v9.0 CD 9.0.1 v9.0 LTS 9.0.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT15144
Reported component name
WMQ BASE MULTIP
Reported component ID
5724H7251
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-06
Closed date
2016-05-31
Last modified date
2017-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ BASE MULTIP
Fixed component ID
5724H7251
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.0.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 June 2017