gpt4 book ai didi

java - IBM MQ8.0 - AMQ9503 channel 协商失败

转载 作者:塔克拉玛干 更新时间:2023-11-02 19:10:20 43 4
gpt4 key购买 nike

当客户端 channel (SVRCONN) 启用 SSL 时,我从 Java 客户端连接到 IBM MQ8.0 时遇到问题。当在 channel 禁用 SSL(SSLAUTH 到可选)时,流程工作正常。

客户端是带有 JRE1.7 的 java。 MQ服务器版本为IBM MQ8.0

创建自签名证书并根据 MQ 设置引用正确交换。

javax.net.debug=ssl 选项在日志中确认证书交换和 SSL 握手成功。

但是当 java 客户端代码试图获取 MQManager 对象时,会抛出 MQ 异常。

com.ibm.mq.MQException: MQJE001: Completion code '2', reason '2059' ...

caused by: com.ibm.jmqi.JmqiException: CC=2;RC=2059;AMQ9204: Connection to host '1.2.3.4(1414)' rejected. [1=com.ibm.jmqi.JmqiException[CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=CHANNEL.SVRCONN.SSL]],3=1.2.3.4(1414), 5=RemoteConnection.analyseSegment] ...

caused by: com.ibm.jmqi.JmqiException: CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=CHANNEL.SVRCONN.SSL]

我已配置为在客户端和 MQ 客户端 channel (SVRCONN) 中使用 TLS_RSA_WITH_AES_256_CBC_SHA256 作为密码规范。
尝试使用 TLS_RSA_WITH_AES_128_CBC_SHA 等其他密码规范,错误仍然存​​在。


MQ server error log has AMQ9665: SSL connection closed by remote end of channel '????'  

Explanation: The SSL or TLS connection was closed by the remote host '5.6.7.8' during the secure socket handshake. The channel is '????', in some cases its name can not be determined and so is shown as '????'. The chanel didn't start.

ACTION: Check the remote end of for SSL and TLS errors. Fix them and restart the channel.

但是在远程端,我只有使用 MQ 库连接到 MQ 服务器的 Java 客户端。


SSLLog Page-4 SSLLog Page-5

无法从服务器获取数据,因此从 SSL 日志中添加了最后 2 页的图像。

上面已经给出了 MQ 服务器端日志。连同默认日志 AMQ9999: Channel '????' to host 1.2.3.4异常结束。使用 重复记录相同的错误。没有找到任何其他日志。


下面是 MQ 客户端代码片段。

void connect2MQ()
{
MQEnvironment.hostname=1.2.3.4
MQEnvironment.port=1414
MQEnvironment.channel=CLIENT.SVRCONN.SSL
if(SSLEnabled.equals("Y") // It is set to 'Y' in main method
{
MQEnvironment.sslCipherSuit="TLS_RSA_WITH_AES_128_CBC_SHA";
System.setProperty("javax.net.ssl.truststore","trustStoreCertFilePath");
System.setProperty("javax.net.ssl.keyStore","keyStoreCertFilePath");
System.setProperty("javax.net.ssl.trustStorePassword","Pass");
System.setProperty("javax.net.ssl.keyStorePassword","Pass");
System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
}

try {
MQQueueManager qmgr = new MQQueueManager("QMGR.TEST.SSL"); // Exception is thrown from here
...
}

最佳答案

您似乎遇到了 APAR IT10837 中描述的问题.这在 8.0.0.5 和更高版本的 MQ Classes for Java 和 MQ Classes for JMS 客户端 jar 文件中得到修复,我建议移动到最新的 v8 版本 8.0.0.7。

错误消息不匹配,但它与 SSLCAUTH(OPTIONAL) 一起工作而不与 SSLCAUTH(REQUIRED) 一起工作的症状与您的版本匹配在没有修复的情况下运行。


Tom Leend 有一篇标题为“MQ Java, TLS Ciphers, Non-IBM JREs & APARs IT06775, IV66840, IT09423, IT10837 -- HELP ME PLEASE!”的 IBM developerWorks MQdev 博客,它描述了一种变通方法,如果您的 MQ 级别不具有修复。

---- Code Snippet Start ----
KeyStore keyStore = KeyStore.getInstance("JKS");
java.io.FileInputStream keyStoreInputStream = new java.io.FileInputStream("/home/tom/myKeyStore.jks");
keyStore.load (keyStoreInputStream, password_char_array);

KeyStore trustStore trustStore = KeyStore.getInstance ("JKS");
java.io.FileInputStream trustStoreInputStream = new java.io.FileInputStream("/home/tom/myTrustStore.jks");
trustStore.load (trustStoreInputStream, password_char_array);

keyStoreInputStream.close();
trustStoreInputStream.close();

KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore,password);
trustManagerFactory.init(trustStore);

SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(),
null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

// classes for JMS
//myJmsConnectionFactory.setObjectProperty(
// WMQConstants.WMQ_SSL_SOCKET_FACTORY, sslSocketFactory);

// classes for Java
MQEnvironment.sslSocketFactory = sslSocketFactory;
---- Code Snippet End ----

关于java - IBM MQ8.0 - AMQ9503 channel 协商失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46409006/

43 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com