1

I have problems while connecting to IBM MQ from JBoss with SSL on JRE 1.8 (jdk1.8.0_101).

I commented out the line below in java.security, but nothing changed:

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 
Caused by: com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'xxxxx' with connection mode 'Client' and host name 'xxxx'.Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:580)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:216)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:431)
at com.ibm.msg.client.wmq.internal.WMQXAConnection.<init>(WMQXAConnection.java:70)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createV7ProviderConnection(WMQXAConnectionFactory.java:190)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6157)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createProviderXAConnection(WMQXAConnectionFactory.java:102)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createXAConnectionInternal(JmsConnectionFactoryImpl.java:364)
at com.ibm.mq.jms.MQXAConnectionFactory.createXAConnection(MQXAConnectionFactory.java:124)
at com.ibm.mq.connector.ConnectionBuilder.createConnection(ConnectionBuilder.java:167)
... 22 more
**Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR')**.
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
... 30 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'xxxxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2393],3=xxxxx(1428),5=RemoteTCPConnection.buildTLSV1_2SocketFactory]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:350)
... 29 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.buildTLSV1_2SocketFactory(RemoteTCPConnection.java:2480)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.chooseSocketFactory(RemoteTCPConnection.java:2130)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1945)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:855)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1262)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:714)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:356)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:265)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:144)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709)
... 31 more
**Caused by: java.security.NoSuchAlgorithmException: SSL_TLSv2 SSLContext not available**
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) [rt.jar:1.8.0_101]
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) [rt.jar:1.8.0_101]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.buildTLSV1_2SocketFactory(RemoteTCPConnection.java:2461)
... 40 more

UPDATED: After the changes below, I get a new error like this:

TLS_RSA_WITH_AES_128_CBC_SHA256
JVM arguments added: -Dcom.ibm.mq.cfg.useIBMCipherMappings=false

Caused by: com.ibm.msg.client.jms.DetailedIllegalStateException: JMSWMQ0018: Failed to connect to queue manager 'mqtap.uyg.uat11' with connection mode 'Client' and host name 'xxx'. Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:474)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:216)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:431)
at com.ibm.msg.client.wmq.internal.WMQXAConnection.<init>(WMQXAConnection.java:70)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createV7ProviderConnection(WMQXAConnectionFactory.java:190)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6157)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createProviderXAConnection(WMQXAConnectionFactory.java:102)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createXAConnectionInternal(JmsConnectionFactoryImpl.java:364)
at com.ibm.mq.jms.MQXAConnectionFactory.createXAConnection(MQXAConnectionFactory.java:124)
at com.ibm.mq.connector.ConnectionBuilder.createConnection(ConnectionBuilder.java:167)
... 22 more
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
... 30 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9204: Connection to host 'xxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=xxx]],3=xxx,5=RemoteConnection.analyseErrorSegment]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:350)
... 29 more
Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=xxx]
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.analyseErrorSegment(RemoteConnection.java:3850)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.receiveTSH(RemoteConnection.java:2749)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.initSess(RemoteConnection.java:1024)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:717)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:356)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:265)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:144)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709)
... 31 more

UPDATED output of javax.net.debug=ssl:

trustStore is: C:\dev\eclipse\workspace\XXX\src\main\application\config\XXX\keystore.jks
trustStore type is : jks
trustStore provider is : 
init truststore    

adding as trusted cert:
  Subject: CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Issuer:  CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Algorithm: RSA; Serial number: 0x5889a408
  Valid from Thu Jan 26 10:23:52 EET 2017 until Sun Jan 24 10:23:52 EET 2027

adding as trusted cert:
  Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Issuer:  CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Algorithm: RSA; Serial number: 0x588996d3
  Valid from Thu Jan 26 09:27:31 EET 2017 until Sun Jan 24 09:27:31 EET 2027

adding as trusted cert:
  Subject: CN=mqServermqtap.uyg.uat12, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Issuer:  CN=mqServermqtap.uyg.uat12, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Algorithm: RSA; Serial number: 0x5889994c
  Valid from Thu Jan 26 09:38:04 EET 2017 until Sun Jan 24 09:38:04 EET 2027

trigger seeding of SecureRandom
done seeding SecureRandom

    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1573949056 bytes = { 248, 4, 131, 18, 179, 77, 58, 163, 213, 86, 162, 39, 153, 233, 66, 82, 68, 140, 162, 144, 245, 223, 148, 131, 41, 17, 182, 13 }
    Session ID:  {}
    Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA256]
    Compression Methods:  { 0 }
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
    Extension server_name, server_name: [type=host_name (0), value=mqkont1.XXX.com.XXX]
    Extension renegotiation_info, renegotiated_connection: <empty>
    ***
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 106
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Handshake, length = 1247
    *** ServerHello, TLSv1.2
    RandomCookie:  GMT: 710208142 bytes = { 152, 40, 119, 253, 151, 47, 206, 243, 81, 108, 25, 227, 196, 180, 235, 231, 180, 213, 136, 245, 68, 79, 87, 78, 71, 82, 68, 1 }
    Session ID:  {233, 220, 107, 227, 28, 86, 6, 240, 170, 113, 171, 164, 93, 132, 7, 120, 51, 79, 103, 215, 78, 157, 179, 176, 103, 14, 128, 68, 104, 28, 158, 75}
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection: <empty>
    ***
    %% Initialized:  [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA256]
    ** TLS_RSA_WITH_AES_128_CBC_SHA256
    *** Certificate chain
    chain [0] = [
    [
      Version: V3
      Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX
      Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
      Key:  Sun RSA public key, 2048 bits
      public exponent: 65537
      Validity: [From: Thu Jan 26 09:27:31 EET 2017,
                   To: Sun Jan 24 09:27:31 EET 2027]
      Issuer: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX
      SerialNumber: [    588996d3]
    Certificate Extensions: 2
    [1]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 04 62 9C B2 40 5E E0 C7                            .b..@^..
    ]
    ]
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 04 62 9C B2 40 5E E0 C7                            .b..@^..
    ]
    ]
    ]
      Algorithm: [SHA256withRSA]
    ]
    ***
    Found trusted certificate:
    *** CertificateRequest
    Cert Types: RSA, DSS, ECDSA
    Supported Signature Algorithms: SHA512withRSA, SHA384withRSA, SHA256withRSA, Unknown (hash:0x3, signature:0x1), SHA1withRSA, SHA512withECDSA, SHA384withECDSA, SHA256withECDSA, Unknown (hash:0x3, signature:0x3), SHA1withECDSA, SHA1withDSA
    Cert Authorities:
    <CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX>
    <CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX>
    *** ServerHelloDone
    Warning: no suitable certificate found - continuing without client authentication
    *** Certificate chain
    <Empty>
    ***
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 269
    ... no IV derived for this protocol
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
    *** Finished
    verify_data:  { 101, 32, 15, 187, 98, 153, 21, 159, 88, 122, 119, 59 }
    ***
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 80
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Change Cipher Spec, length = 1
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Handshake, length = 80
    *** Finished
    verify_data:  { 80, 170, 1, 54, 80, 55, 237, 31, 125, 189, 221, 180 }
    ***
    %% Cached client session: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA256]
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Application Data, length = 288
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, setSoTimeout(5000) called
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Application Data, length = 96
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, setSoTimeout(0) called
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called close()
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called closeInternal(true)
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, SEND TLSv1.2 ALERT:  warning, description = close_notify
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Alert, length = 64
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called closeSocket(true)
    01:41:04,148 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool
1
  • Comments are not for extended discussion; this conversation has been moved to chat. Commented Jun 1, 2020 at 3:49

2 Answers

0

You are running a very old version of the software on the sender side; MQ 7.1 went out of support over three years ago (April 30 2017). IBM for a cost will provide extended support for an additional three years from what I understand, so it would seem that even that avenue of support is over. The 7.1.0.7 maintenance release itself came out November 15th 2015, so it is over 4.5 years old at this point. I would strongly suggest you move to a newer version.

Note that MQ v8.0 went out of support April 30 2020, and IBM announced that MQ v9.0 goes out of support September 30 2021. When you do migrate you should go with either 9.1 which has no announced end of support (they give five years minimum so it could be 2023) or go with the next version of MQ that should be out some time later this year.


You had two issues that you have detailed in the question and comments.

  1. You are using a non-IBM Java; because of this, the ciphersuite you were passing was incorrect. I advised you to do the following:

    • Add the java system property com.ibm.mq.cfg.useIBMCipherMappings=false
    • Specify the ciphersuite as TLS_RSA_WITH_AES_128_CBC_SHA256
  2. Once the above was corrected you started to get a new error. Based on the troubleshooting you have done and the ssl debug logs, I noticed that you are at a version of MQ that does not include APAR IT10837: WEBSPHERE MQ CHANNEL START FAILS WITH AMQ9637 WHEN USING A TLS 1.2 CIPHER RUNNING IN AN ORACLE JRE

PROBLEM DESCRIPTION:

The Oracle JVM did not create a default internal key manager
object for TLS socket connections, meaning that the client's
signed personal certificates were not available for client
authentication during the handshake, causing the connection
attempt to fail.

Problem conclusion

An internal key manager object is now created for Oracle TLS
connections, so the client's signed personal certificates are
available during the handshake and the connection attempt
succeeds.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v7.1       7.1.0.8
v7.5       7.5.0.7
v8.0       8.0.0.5

Because of this, MQ does not find your keyStore and trustStore.


The recommended solution is to upgrade to a supported version of IBM MQ. You can use Maven to get the current IBM MQ v9.1.0.5 LTS support client at the following link:

MVN REPOSITORY » com.ibm.mq com.ibm.mq.allclient
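
A JRE-side pre-flight for the three conditions visible in this thread (the `SSL_TLSv2` SSLContext lookup, the `TLS_RSA_WITH_AES_128_CBC_SHA256` suite name, and a key store with no client key), as an added example that is not part of the original answer or of IBM's code. The class name `MqTlsPreflight` is hypothetical, and the check only inspects the JRE and the key store; it cannot detect the MQ client defect described in APAR IT10837.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name): JRE-side pre-flight for the errors in this thread.
public class MqTlsPreflight {

    /** True if this JRE has an SSLContext implementation for the given protocol name. */
    static boolean hasContext(String protocol) {
        try {
            SSLContext.getInstance(protocol);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /** True if the default JSSE provider lists the named cipher suite as supported. */
    static boolean supportsSuite(String suite) throws Exception {
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        return Arrays.asList(supported).contains(suite);
    }

    /** Counts private-key entries; a store holding only trusted certs cannot do client auth. */
    static int countKeyEntries(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            System.out.printf("  %-30s %s%n", alias, isKey ? "private key + chain" : "trusted cert only");
            if (isKey) keys++;
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.vendor = " + System.getProperty("java.vendor"));
        // The first stack trace failed inside SSLContext.getInstance("SSL_TLSv2").
        System.out.println("SSLContext SSL_TLSv2 available: " + hasContext("SSL_TLSv2"));
        System.out.println("SSLContext TLSv1.2 available:   " + hasContext("TLSv1.2"));
        // Suite name the answer says to configure on a non-IBM Java.
        System.out.println("TLS_RSA_WITH_AES_128_CBC_SHA256 supported: "
                + supportsSuite("TLS_RSA_WITH_AES_128_CBC_SHA256"));
        System.out.println("com.ibm.mq.cfg.useIBMCipherMappings = "
                + System.getProperty("com.ibm.mq.cfg.useIBMCipherMappings", "<unset>"));

        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) {
            System.out.println("javax.net.ssl.keyStore is unset: the default key manager has no client key");
            return;
        }
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.keyStorePassword", "");
        int keys = countKeyEntries(path, type, pw.toCharArray());
        System.out.println(keys == 0
                ? "No private-key entry: the handshake would continue without client authentication"
                : keys + " private-key entry(ies) available for client authentication");
    }
}
```

Run it on the same JRE and with the same `-D` options as the application server so that it sees the same providers and key store.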


0

After getting the IBM MQ Client jar, I connected to IBM MQ from Oracle JRE successfully: https://mvnrepository.com/artifact/com.ibm.mq/wmq.jmsra/9.1.5.0

1 Comment

You should put the above as a comment on my answer, this doesn't really fit being an answer since it is just what I suggested. Also note that 9.1.5 is the Continuous Delivery release stream, this will send soon and that will be the basis for the next Long Term Support version (ex: 9.1). Unless you are using features that were added in the 9.1.x CDS releases the more stable release would be 9.1.0.5 as I mentioned in my answer. Also if you liked my answer and the help I provided please also upvote my answer by clicking the up arrow above the green check mark.
