IBM Support

IT29868: Allow MQ AMS applications to use GSKit in non-FIPS mode

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • A user might need to run their AMS applications while accessing
GSKit encrypt/decrypt functionality in non-FIPS mode.  This
setting must be made very early in the life of the application,
via an environment variable.

Local fix

  • 



Problem summary


    

  • ****************************************************************
USERS AFFECTED:
Users of AMS functionality who want to run the GSKit code in
non-FIPS mode.


Platforms affected:
AIX

****************************************************************
PROBLEM DESCRIPTION:
A user had no documented way of running their AMS applications
while accessing GSKit encrypt/decrypt functionality in non-FIPS
mode.  Therefore by default all users will run in FIPS mode.
This is ok for most users, but occasionally there is a need to
run in non-FIPS mode.  An example of such a case is when the
non-FIPS code contains a bug fix that has not yet been
FIPS-certified.

    



Problem conclusion


    

  • A check has been added to the MQ library code that runs within
the customer's application program.  The new check runs early in
its initialisation to read the value of the environment variable
AMQ_AMS_FIPS_OFF and if it is set to any value, then the GSKit
code will be run in non-FIPS mode in that application.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.0 LTS   9.0.0.8
v9.1 CD    9.1.4
v9.1 LTS   9.1.0.4

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT29868
    • 

  • Reported component name
    IBM MQ BASE M/P
    • 

  • Reported component ID
    5724H7261
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-07-30
    • 

  • Closed date
    2019-09-24
    • 

  • Last modified date
    2019-10-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM MQ BASE M/P
    • 

  • Fixed component ID
    5724H7261
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 October 2019
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback