我想知道帶有JDK8 Ciphersuites的TLSv2和帶有MQ8的規格嗎?
我在UNIX
上創建一個MQ8 JKS文件與 'runmqckm' 命令的jks對參數對密碼組和規格的任何依賴性 '-sig_alg'帶JDK8 Ciphersuites和MQ8的TLSv2?
https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.ref.adm.doc/q083860_.htm
Question on TLSv2 Ciphersuite
SUITE <>規格組合不工作如下網站
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113220_.htm
密碼規範 - TLS_RSA_WITH_AES_128_CBC_SHA256
等效的密文 - SSL_RSA_WITH_AES _128_CBC_SHA256
協議 - TLSv1.2工作
FIPS 140-2兼容 - 是
工作
MQEnvironment.sslCipherSuite = 「TLS_RSA_WITH_AES_128_CBC_SHA256」
ALTER CHANNEL(TEST.CH)CHLTYPE(SVRCONN)SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
不工作
MQEnvironment.sslCipherSuite =「SSL_RSA_WITH_AES_128_CBC_SHA256」;
ALTER CHANNEL(TEST.CH)CHLTYPE(SVRCONN)SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
Only 3 TLS Ciphers i can Test as below , what spec i can use?
甲骨文密文
1.TLS_RSA_WITH_NULL_SHA256
2.TLS_RSA_WITH_AES_128_CBC_SHA256
3.TLS_RSA_WITH_AES_256_CBC_SHA256
MQ規格
1 ??
2.TLS_RSA_WITH_AES_128_CBC_SHA256
3.。
Only 1 cipher i can use part of TLS (JDK8 + MQ8)?
工作
TLS_RSA_WITH_AES_128_CBC_SHA256 - > TLS_RSA_WITH_AES_128_CBC_SHA256
不工作
TLS_RSA_WITH_NULL_SHA256 - > TLS_RSA_WITH_NULL_SHA256
ALTER CHANNEL(TEST.CH) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_NULL_SHA256)
1 : ALTER CHANNEL(TEST.CH) CHLTYPE(SVRCONN) SSLCIPH(TLS_RSA_WITH_NULL_SHA256)
AMQ8242: SSLCIPH definition wrong.
不工作
TLS_RSA_WITH_AES_256_CBC_SHA256 - > TLS_RSA_WITH_AES_256_CBC_SHA256
MQJE001: Completion Code '2', Reason '2393'.
com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2393'.
at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:249)
at com.ibm.mq.MQClientManagedConnectionFactoryJ11._createManagedConnection(MQClientManagedConnectionFactoryJ11.java:450)
at com.ibm.mq.MQClientManagedConnectionFactoryJ11.createManagedConnection(MQClientManagedConnectionFactoryJ11.java:487)
at com.ibm.mq.StoredManagedConnection.<init>(StoredManagedConnection.java:97)
at com.ibm.mq.MQSimpleConnectionManager.allocateConnection(MQSimpleConnectionManager.java:194)
at com.ibm.mq.MQQueueManagerFactory.obtainBaseMQQueueManager(MQQueueManagerFactory.java:868)
at com.ibm.mq.MQQueueManagerFactory.procure(MQQueueManagerFactory.java:816)
at com.ibm.mq.MQQueueManagerFactory.constructQueueManager(MQQueueManagerFactory.java:758)
at com.ibm.mq.MQQueueManagerFactory.createQueueManager(MQQueueManagerFactory.java:200)
at com.ibm.mq.MQQueueManager.<init>(MQQueueManager.java:682)
at MQProducerTLS.main(MQProducerTLS.java:89)
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'localhost(2017)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Cannot support TLS_RSA_WITH_AES_256_CBC_SHA256 with currently installed providers],3=localhost/127.0.0.1:2017 (localhost),4=SSLSocket.createSocket,5=default]],3=localhost(2017),5=RemoteTCPConnection.makeSocketSecure]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2282)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1294)
at com.ibm.mq.ese.jmqi.InterceptedJmqiImpl.jmqiConnect(InterceptedJmqiImpl.java:376)
at com.ibm.mq.ese.jmqi.ESEJMQI.jmqiConnect(ESEJMQI.java:560)
at com.ibm.mq.MQSESSION.MQCONNX_j(MQSESSION.java:916)
at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:235)
... 10 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Cannot support TLS_RSA_WITH_AES_256_CBC_SHA256 with currently installed providers],3=localhost/127.0.0.1:2017 (localhost),4=SSLSocket.createSocket,5=default]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:2049)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:861)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1277)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:863)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:409)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:305)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:146)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1730)
... 15 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA256 with currently installed providers
at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:81)
at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2461)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:2041)
... 22 more
更新上20-FEB-2017
當樣本代碼,放置在AP摺疊得到以下授權錯誤 新問題的鏈接如下
http://stackoverflow.com/questions/42347461/authorization-errors-with-mq8-jdk8
所有三個密碼都在工作,其次是爲每個非工作密碼提及的步驟。**感謝** ..需要了解的只有這些密碼我可以使用或更多NON-IBM-JRE密碼是否存在? –
APAR [IV66840](http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840)中的表格列出了爲NON-IBM-JRE啓用的所有密碼,必須採取考慮到其中一些被認爲是弱密碼,並且默認情況下被禁用,除非你啓用它們。 – JoshMc
你可以谷歌,並找到很多關於此的信息。密碼規範名稱的格式是「KEY Exchange」_「Encryption」_「Hash Algorithm」'。 「TLS_RSA_WITH_NULL_SHA256」密碼規範名稱中的「WITH_NULL」表示存在** NO **數據加密。在你看過的'TLS_RSA_WITH_AES_256_CBC_SHA256'的三個中最強。我不知道對更新的'ECDHE_'密碼規格進行評論。這將是一個很好的問題,在一個新的職位問。 – JoshMc