我的 Web 应用程序托管在 Websphere Application Server 中。对于所有传出连接,我们在服务器级别配置了动态 SSL 出站。目前,由于打补丁,SSLv3 已被禁用。现在,即使我们升级了出站 SSL 以支持 TLSV1.2,并使用基于 TLS 的 channel MQ channel ,与 WMQ 的连接仍然失败。详情如下。有人可以帮忙吗?
Websphere 服务器详细信息:
Java(TM) SE Runtime Environment (build pxa6460sr16fp60-20180213_02(SR16 FP60))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr16fp60-20180125_377078 (JIT enabled, AOT enabled)
J9VM - 20180125_377078
JIT - r9_20180125_377078
GA24_Java6_SR16_20180125_1132_B377078)
java version "1.6.0"
JCL - 20180209_01
Websphere MQ version : 7.0.1.14
MQ client jar(com.ibm.mq.jar) version : 5.304 - j5304-G030613.1
Application Code is compiled using JDK 1.6_U80
错误日志是:
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:223)
... 50 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2400;AMQ9204: Connection to host 'gbrdsr000000542.intranet.barcapint.com(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2400;AMQ9231: The supplied parameter is not valid. [1=TLS_RSA_WITH_AES_128_CBC_SHA256]],3=gbrdsr000000542.intranet.barcapint.com(1414),5=RemoteTCPConnection.chooseSocketFactory]
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:2177)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1308)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:373)
... 49 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2400;AMQ9231: The supplied parameter is not valid. [1=TLS_RSA_WITH_AES_128_CBC_SHA256]
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.chooseSocketFactory(RemoteTCPConnection.java:2122)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1933)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:753)
at com.ibm.mq.jmqi.remote.internal.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1164)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnection.connect(RemoteConnection.java:1306)
at com.ibm.mq.jmqi.remote.internal.system.RemoteConnectionPool.getConnection(RemoteConnectionPool.java:372)
at com.ibm.mq.jmqi.remote.internal.RemoteFAP.jmqiConnect(RemoteFAP.java:1734)
... 51 more
MQ 方面的详细信息:
AMQ8414: Display Channel details.
CHANNEL(MQ.TLS.BFH.CHL) CHLTYPE(SVRCONN)
ALTDATE(2017-11-07) ALTTIME(08.35.01)
COMPHDR(NONE) COMPMSG(NONE)
DESCR(Client channel for BFH WAS Client)
SSLCAUTH(REQUIRED)
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
TRPTYPE(TCP)
JAVA 中使用的密码套件 - SSL_RSA_WITH_AES_128_CBC_SHA256
最佳答案
WAS JVM 似乎无法与您在 MQ channel 上使用的密码套件一起使用。我的猜测是它在提示 SHA-2 签名算法。您可能需要使用无限制/无限制的导出策略文件。查看 IBM WAS manual 处的说明和 IBM Java SDK Security Guide .
关于ssl - 无法连接到 WMQ 服务器 v7.0.1.14 的 TLS channel ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50294492/