IBM Support

IT44272: MQCONNX fails with 2059 when establishing secure connection if ClientRevocationChecks is set to REQUIRED


APAR status

  • Closed as unreproducible.

Error description

  • MQCONNX from a client application using an SSL/TLS channel fails
    with reason code 2059 when establishing a secure connection
    if ClientRevocationChecks is set to REQUIRED. The problem occurs
    when the application does not supply an MQSCO structure in the
    MQCONNX call and is not using a CCDT.
    
    $ amqssslc -m QM93TLS -c SSL.SVRCONN.LNX -x 'hostname(1419)' -s TLS_AES_128_GCM_SHA256 -l ibmwebspheremqmqm
    Sample AMQSSSLC start
    Connecting to queue manager QM93TLS
    Using the server connection channel SSL.SVRCONN.LNX
    on connection name hostname(1419).
    Using SSL CipherSpec TLS_AES_128_GCM_SHA256
    Certificate Label: ibmwebspheremqmqm
    No OCSP configuration specified.
    MQCONNX ended with reason code 2059
    

Local fix

  • If client revocation checking is required, the application must
    use a CCDT or supply MQSCO in the MQCONNX call.
    If client revocation checking is not required, set
    ClientRevocationChecks to OPTIONAL or DISABLED.
    

Problem summary

  • This behaviour has been addressed by design changes in the MQ
    9.3.5.0 continuous delivery release.
    
    The MQ documentation has been updated to describe the current
    behavior as follows:
    
    If you are using either MQSCO or CCDT, then the connection
    succeeds. If there is no CCDT file and if MQSCO is also not
    supplied, then the connection fails with a reason code 2059 and
    the error log reports AMQ9518E: File '/var/mqm/AMQCLCHL.TAB' not
    found.
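
A preflight check for the documented behaviour above, as an added example (not IBM's code): it reads the SSL stanza of an mqclient.ini, looks for a CCDT, and reports whether MQCONNX would be expected to end with 2059. The function names, the sample file, treating a missing ClientRevocationChecks as REQUIRED, and locating the CCDT only through MQCHLLIB/MQCHLTAB or the default path are assumptions.

```python
import posixpath

# Constructed sample mqclient.ini; only the SSL stanza attribute named on this page is read.
SAMPLE_INI = """\
# client configuration (constructed sample)
CHANNELS:
   DefRecon=NO
SSL:
   ClientRevocationChecks = REQUIRED
"""

def ssl_stanza(ini_text):
    """Return the attributes of the SSL: stanza as a dict with lower-cased keys."""
    attrs, in_ssl = {}, False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.endswith(":") and "=" not in line:  # stanza header such as "SSL:"
            in_ssl = line[:-1].strip().upper() == "SSL"
        elif in_ssl and "=" in line:
            key, value = line.split("=", 1)
            attrs[key.strip().lower()] = value.strip().upper()
    return attrs

def ccdt_path(env):
    """CCDT location: MQCHLLIB/MQCHLTAB override the default named in AMQ9518E."""
    # Assumption: other ways of locating a CCDT are not modelled here.
    return posixpath.join(env.get("MQCHLLIB", "/var/mqm"),
                          env.get("MQCHLTAB", "AMQCLCHL.TAB"))

def preflight(ini_text, env, supplies_mqsco, exists):
    """Classify a client as 'ok', 'relaxed' or 'fail' before it calls MQCONNX."""
    # Assumption: an absent attribute is treated as REQUIRED.
    mode = ssl_stanza(ini_text).get("clientrevocationchecks", "REQUIRED")
    if mode != "REQUIRED":
        return "relaxed", f"ClientRevocationChecks={mode}: revocation checking is not enforced"
    if supplies_mqsco:
        return "ok", "application supplies MQSCO on MQCONNX"
    ccdt = ccdt_path(env)
    if exists(ccdt):
        return "ok", f"CCDT present at {ccdt}"
    return "fail", f"expect reason code 2059 and AMQ9518E: File '{ccdt}' not found"

if __name__ == "__main__":
    import os
    print(preflight(SAMPLE_INI, os.environ, supplies_mqsco=False, exists=os.path.isfile))
```

The `relaxed` result separates clients that avoid the failure by turning revocation checking down from those that keep REQUIRED and supply MQSCO or a CCDT.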
    

Problem conclusion

  • ****************************************************************
    USERS AFFECTED:
    MQ client applications that establish a secure connection via an
    MQCONNX call without supplying MQSCO or a CCDT when
    ClientRevocationChecks is set to REQUIRED.
    
    
    Platforms affected:
    Linux on x86, AIX
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    A defect in MQ when establishing a secure connection causes the
    application to fail with 2059 in MQCONNX.
    

Temporary fix

Comments

  • This behaviour has been addressed by design changes in the MQ
    9.3.5.0 continuous delivery release.
    
    The MQ documentation has been updated to describe the current
    behavior as follows:
    
    If you are using either MQSCO or CCDT, then the connection
    succeeds. If there is no CCDT file and if MQSCO is also not
    supplied, then the connection fails with a reason code 2059
    and the error log reports AMQ9518E: File
    '/var/mqm/AMQCLCHL.TAB' not found.
    

APAR Information

  • APAR number

    IT44272

  • Reported component name

    MQ BASE V9.2

  • Reported component ID

    5724H7281

  • Reported release

    920

  • Status

    CLOSED UR3

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2023-08-01

  • Closed date

    2024-05-10

  • Last modified date

    2024-05-10

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    MQ BASE V9.2

  • Fixed component ID

    5724H7281


Document Information

Modified date:
10 May 2024