TIBCO ActiveMatrix BusinessWorks Plug-in for WebSphere MQ SSLv3 is disabled due to an IBM MQ client issue.
Article ID: KB0092761
Updated On:
Products
Versions
TIBCO ActiveMatrix BusinessWorks Plug-in for IBM MQ
-
Not Applicable
-
Description
Description: IBM WebSphere MQ disables the SSLv3 protocol because of a vulnerability that affects it, so SSLv3 is disabled in TIBCO ActiveMatrix BusinessWorks Plug-in for WebSphere MQ.
Symptoms: When trying to use SSLv3 with the MQ server, the following error is thrown on the plug-in side.
<CausedBy> com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[No appropriate protocol (protocol is disabled or cipher suites are inappropriate)],3=bilbo/127.0.0.1:1414 (bilbo),4=SSLSocket.startHandshake,5=default] <CausedBy> javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Cause: The MQ client API only runs on the SSLv3 protocol, and SSLv3 is disabled in the Oracle JVM.
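To confirm on a given host that the JVM itself is rejecting the protocol, the following added diagnostic (an illustration written for this article, not TIBCO or IBM code) reports whether a protocol is supported, enabled by default, and listed in the JVM's jdk.tls.disabledAlgorithms security property, then starts a client handshake offline with only that protocol enabled. The class and method names are hypothetical; save it as ProtocolCheck.java and run it with the same JVM the plug-in uses.

```java
import java.nio.ByteBuffer;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;

// Added diagnostic, not vendor code. Uses an SSLEngine, so no network connection is made.
public class ProtocolCheck {

    // True if the protocol name is an entry of the jdk.tls.disabledAlgorithms property.
    static boolean isDisabledByPolicy(String protocol) {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop == null) return false;
        return Arrays.stream(prop.split(","))
                     .map(String::trim)
                     .anyMatch(protocol::equalsIgnoreCase);
    }

    // Returns "OK" if the JVM can produce a ClientHello with only this protocol
    // enabled, otherwise the exception class and message it raised.
    static String tryClientHello(SSLContext ctx, String protocol) {
        try {
            // Host and port are only peer hints here; 1414 mirrors the error above.
            SSLEngine engine = ctx.createSSLEngine("localhost", 1414);
            engine.setUseClientMode(true);
            engine.setEnabledProtocols(new String[] { protocol });
            engine.beginHandshake();
            ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
            engine.wrap(ByteBuffer.allocate(0), out); // generates the ClientHello bytes
            return "OK";
        } catch (SSLException | IllegalArgumentException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String protocol = args.length > 0 ? args[0] : "SSLv3";
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("Java version      : " + System.getProperty("java.version"));
        System.out.println("Supported         : "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("Enabled by default: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        System.out.println(protocol + " in jdk.tls.disabledAlgorithms: " + isDisabledByPolicy(protocol));
        System.out.println("Handshake start with only " + protocol + ": " + tryClientHello(ctx, protocol));
    }
}
```

On a JVM where SSLv3 is disabled by policy, the last line is expected to show the same SSLHandshakeException text as the plug-in error; passing TLSv1.2 as the argument gives a comparison run.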
Resolution
Awaiting a fix from IBM for the WebSphere MQ client API. Details can be found at the following site. However, the same vulnerability exists between MQ client applications and the server. (Site: http://www-01.ibm.com/support/docview.wss?uid=swg21687433).
IBM provides fix packs to allow customers to use TLS CipherSpecs instead of SSL v3, which contains security vulnerabilities (POODLE, CVE ID: CVE-2014-3566). Additional support in the WebSphere MQ classes for Java/JMS for CipherSuites to CipherSpecs mappings, which are understood by the Queue Manager and the non-IBM JVM, is added through APAR IV66840: http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840 .