IBM Support

IT15253: 'AMQ9629: bad SSL cryptographic hardware parameters' error returned when trying to ping an SSL channel

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When trying to ping the channel after setting the cryptographic
    Hardware parameter successfully ,the following error is
    reported.
    
    AMQ9629: Bad SSL cryptographic hardware parameters.
    EXPLANATION:
    The following string was supplied to specify or control use of
    SSL cryptographic hardware: 'GSK_PKCS11=XXX'. This string does
    not confirm  to any of the MQ SSL cryptographic parameter
    formats. The channel is   'YYY'. The channel did not start.
    ACTION:
    Correct your SSL cryptographic hardware parameters and restart
    the  channel.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    MQ V8 users who use cryptographic hardware configuration to
    connect to queue manager or the client system.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    MQ stores the hardware (HSM) configuration string as a semicolon
    delimited set of data, which includes the cryptographic module,
    the token, the password and a symmetric cipher setting. The
    password is encrypted when the attribute is set, and stored as a
    binary encrypted field. If this encrypted field contains a null
     character, the parsing of the other fields in the string fails,
    causing an erroneous AMQ9629 message and the channel will fail
    to start.
    
    MQ did not correctly handle the case where the encrypted
    password contained a null character. This prevented the hardware
    (HSM) configuration string being processed correctly.
    

Problem conclusion

  • MQ code has been modified to handle the encrypted password
    containing NULL character.
    
    The final resolution of this issue is also dependent on updated
    GSKit libraries added to the product by APAR IT15276.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v8.0       8.0.0.6
    v9.0 CD    9.0.1
    v9.0 LTS   9.0.0.1
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT15253

  • Reported component name

    WMQ BASE MULTIP

  • Reported component ID

    5724H7251

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-05-12

  • Closed date

    2016-05-26

  • Last modified date

    2017-06-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ BASE MULTIP

  • Fixed component ID

    5724H7251

Applicable component levels

  • R800 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.0.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
01 June 2017