Bootstrap FreeKB - IBM MQ - Resolve "CipherSpec error for channel"
IBM MQ - Resolve "CipherSpec error for channel"
Updated:   |  IBM MQ articles

Let's say the following is being returned when attempting to connect to an IBM MQ channel.

Remote CipherSpec error for channel 'CHANNEL01' to host 'mq.example.com(5123)'

 

If you have access to the IBM MQ system, the display channel command can be used to determine the cipher being used by the channel.

~]# echo "display channel (CHANNEL01)" | runmqsc MANAGER01
SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)

 

When making a connection to IBM MQ from a Java application using WMQConstants, here is an example of how you would define the cipher suite, using the IBM cipher (beginning with SSL).

cf.setStringProperty (WMQConstants.WMQ_SSL_CIPHER_SUITE, "SSL_RSA_WITH_AES_256_CBC_SHA256");

 

Or like this, using the Oracle cipher (beginning with TLS).

System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
cf.setStringProperty (WMQConstants.WMQ_SSL_CIPHER_SUITE, "TLS_RSA_WITH_AES_256_CBC_SHA256");

 

When making a connection to IBM MQ from a Java application using MQConstants, here is an example of how you would define the cipher suite, using the IBM cipher (beginning with SSL).

properties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, "SSL_RSA_WITH_AES_256_CBC_SHA256");

 

Or like this, using the Oracle cipher (beginning with TLS).

System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
properties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, "TLS_RSA_WITH_AES_256_CBC_SHA256");

 

TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS - IBM Documentation lists the ciphers supported by IBM MQ, and the equivalent cipher that should be used when connecting to IBM MQ.

  • If com.ibm.mq.cfg.useIBMCipherMappings is not being used in the Java application, then the IBM cipher must be used (these are the ciphers beginning with SSL)
  • If com.ibm.mq.cfg.useIBMCipherMappings=true is being used in the Java application, then the IBM cipher must be used (these are the ciphers beginning with SSL)
  • If com.ibm.mq.cfg.useIBMCipherMappings=false is being used, then the Oracle cipher must be used (these are the ciphers beginning with TLS)

 

Here is an example of how you could set the com.ibm.mq.cfg.useIBMCipherMappings property in a Java application.

System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false")

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 118123 in the box below so that we can be sure you are a human.