IBM Support

IT29868: Allow MQ AMS applications to use GSKit in non-FIPS mode

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • A user might need to run their AMS applications while accessing
    GSKit encrypt/decrypt functionality in non-FIPS mode.  This
    setting must be made very early in the life of the application,
    via an environment variable.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Users of AMS functionality who want to run the GSKit code in
    non-FIPS mode.
    
    
    Platforms affected:
    AIX
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    A user had no documented way of running their AMS applications
    while accessing GSKit encrypt/decrypt functionality in non-FIPS
    mode.  Therefore by default all users will run in FIPS mode.
    This is ok for most users, but occasionally there is a need to
    run in non-FIPS mode.  An example of such a case is when the
    non-FIPS code contains a bug fix that has not yet been
    FIPS-certified.
    

Problem conclusion

  • A check has been added to the MQ library code that runs within
    the customer's application program.  The new check runs early in
    its initialisation to read the value of the environment variable
    AMQ_AMS_FIPS_OFF and if it is set to any value, then the GSKit
    code will be run in non-FIPS mode in that application.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v9.0 LTS   9.0.0.8
    v9.1 CD    9.1.4
    v9.1 LTS   9.1.0.4
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT29868

  • Reported component name

    IBM MQ BASE M/P

  • Reported component ID

    5724H7261

  • Reported release

    900

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-07-30

  • Closed date

    2019-09-24

  • Last modified date

    2019-10-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM MQ BASE M/P

  • Fixed component ID

    5724H7261

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
02 October 2019