APAR status
Closed as program error.
Error description
This APAR covers changes to the WebSphere MQ Queue Manager to disallow the configuration of SSLv3 CipherSpecs on new Queue Managers created after the application of this change.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: Users wishing to use SSL/TLS to secure communication over MQ channels. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: Once this change is applied, any queue managers created will disallow the use of the following CipherSpecs on channel definitions associated with the queue manager: AES_SHA_US RC4_SHA_US RC4_MD5_US TRIPLE_DES_SHA_US DES_SHA_EXPORT1024 RC4_56_SHA_EXPORT1024 RC4_MD5_EXPORT RC2_MD5_EXPORT DES_SHA_EXPORT NULL_SHA NULL_MD5 FIPS_WITH_DES_CBC_SHA FIPS_WITH_3DES_EDE_CBC_SHA Attempting to use or configure one of these CipherSpecs will result in one or more of the following messages in the queue manager error log: AMQ8242, AMQ9616, AMQ9635.
Problem conclusion
To override this restriction, set the environment variable "AMQ_SSL_V3_ENABLE" to the value "TRUE" in the environment used to start the queue manager Alternatively, add the following entry to the SSL stanza of the queue manager's qm.ini file: AllowSSLV3=y Once this change is applied, queue managers using GSKit 8 will have the GSK_STRICTCHECK_CBCPADBYTES functionality enabled by default. To override this, set GSK_STRICTCHECK_CBCPADBYTES=GSK_FALSE in the environment used to start the queue manager. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v7.0 7.0.1.13 v7.1 7.1.0.7 v7.5 7.5.0.5 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IV73396
Reported component name
WMQ LIN X86 V7
Reported component ID
5724H7224
Reported release
701
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-05-19
Closed date
2015-05-20
Last modified date
2015-05-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ LIN X86 V7
Fixed component ID
5724H7224
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFKSJ","label":"WebSphere MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1"}]
Document Information
Modified date:
08 March 2021