APAR status
Closed as program error.
Error description
When trying to ping the channel after setting the cryptographic Hardware parameter successfully ,the following error is reported. AMQ9629: Bad SSL cryptographic hardware parameters. EXPLANATION: The following string was supplied to specify or control use of SSL cryptographic hardware: 'GSK_PKCS11=XXX'. This string does not confirm to any of the MQ SSL cryptographic parameter formats. The channel is 'YYY'. The channel did not start. ACTION: Correct your SSL cryptographic hardware parameters and restart the channel.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: MQ V8 users who use cryptographic hardware configuration to connect to queue manager or the client system. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: MQ stores the hardware (HSM) configuration string as a semicolon delimited set of data, which includes the cryptographic module, the token, the password and a symmetric cipher setting. The password is encrypted when the attribute is set, and stored as a binary encrypted field. If this encrypted field contains a null character, the parsing of the other fields in the string fails, causing an erroneous AMQ9629 message and the channel will fail to start. MQ did not correctly handle the case where the encrypted password contained a null character. This prevented the hardware (HSM) configuration string being processed correctly.
Problem conclusion
MQ code has been modified to handle the encrypted password containing NULL character. The final resolution of this issue is also dependent on updated GSKit libraries added to the product by APAR IT15276. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v8.0 8.0.0.6 v9.0 CD 9.0.1 v9.0 LTS 9.0.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT15253
Reported component name
WMQ BASE MULTIP
Reported component ID
5724H7251
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-12
Closed date
2016-05-26
Last modified date
2017-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ BASE MULTIP
Fixed component ID
5724H7251
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.0.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 June 2017