【问题标题】:java.security.NoSuchAlgorithmException: SSL_TLSv2 SSLContext not availablejava.security.NoSuchAlgorithmException:SSL_TLSv2 SSLContext 不可用
【发布时间】:2020-06-01 19:38:05
【问题描述】:

我在使用 JRE 1.8 (jdk1.8.0_101) 上的 SSL 从 JBoss 连接 IBM MQ 时遇到问题

我在下面的 java.security 上发表评论,但没有任何变化:

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 
Caused by: com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'xxxxx' with connection mode 'Client' and host name 'xxxx'.Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:580)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:216)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:431)
at com.ibm.msg.client.wmq.internal.WMQXAConnection.<init>(WMQXAConnection.java:70)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createV7ProviderConnection(WMQXAConnectionFactory.java:190)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6157)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createProviderXAConnection(WMQXAConnectionFactory.java:102)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createXAConnectionInternal(JmsConnectionFactoryImpl.java:364)
at com.ibm.mq.jms.MQXAConnectionFactory.createXAConnection(MQXAConnectionFactory.java:124)
at com.ibm.mq.connector.ConnectionBuilder.createConnection(ConnectionBuilder.java:167)
... 22 more **Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR')**.
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
... 30 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'xxxxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2393],3=xxxxx(1428),5=RemoteTCPConnection.buildTLSV1_2SocketFactory]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:350)
... 29 more  Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.buildTLSV1_2SocketFactory(RemoteTCPConnection.java:2480)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.chooseSocketFactory(RemoteTCPConnection.java:2130)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1945)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:855)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1262)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:714)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:356)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:265)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:144)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709)
... 31 more **Caused by: java.security.NoSuchAlgorithmException: SSL_TLSv2 SSLContext not available**
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) [rt.jar:1.8.0_101]
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) [rt.jar:1.8.0_101]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.buildTLSV1_2SocketFactory(RemoteTCPConnection.java:2461)
... 40 more

更新:以下更改后,新错误如下: TLS_RSA_WITH_AES_128_CBC_SHA256 添加的 JVM 参数:-Dcom.ibm.mq.cfg.useIBMCipherMappings=false

Caused by: com.ibm.msg.client.jms.DetailedIllegalStateException: JMSWMQ0018: Failed to connect to queue manager 'mqtap.uyg.uat11' with connection mode 'Client' and host name 'xxx'. Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:474)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:216)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:431)
at com.ibm.msg.client.wmq.internal.WMQXAConnection.<init>(WMQXAConnection.java:70)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createV7ProviderConnection(WMQXAConnectionFactory.java:190)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6157)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createProviderXAConnection(WMQXAConnectionFactory.java:102)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createXAConnectionInternal(JmsConnectionFactoryImpl.java:364)
at com.ibm.mq.jms.MQXAConnectionFactory.createXAConnection(MQXAConnectionFactory.java:124)
at com.ibm.mq.connector.ConnectionBuilder.createConnection(ConnectionBuilder.java:167)
... 22 more Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
... 30 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9204: Connection to host 'xxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=xxx]],3=xxx,5=RemoteConnection.analyseErrorSegment]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:350)
... 29 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=xxx]
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.analyseErrorSegment(RemoteConnection.java:3850)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.receiveTSH(RemoteConnection.java:2749)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.initSess(RemoteConnection.java:1024)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:717)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:356)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:265)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:144)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709)
... 31 more

javax.net.debug=ssl 的更新输出:

trustStore is: C:\dev\eclipse\workspace\XXX\src\main\application\config\XXX\keystore.jks
trustStore type is : jks
trustStore provider is : 
init truststore    

adding as trusted cert:
  Subject: CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Issuer:  CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Algorithm: RSA; Serial number: 0x5889a408
  Valid from Thu Jan 26 10:23:52 EET 2017 until Sun Jan 24 10:23:52 EET 2027

adding as trusted cert:
  Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Issuer:  CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Algorithm: RSA; Serial number: 0x588996d3
  Valid from Thu Jan 26 09:27:31 EET 2017 until Sun Jan 24 09:27:31 EET 2027

adding as trusted cert:
  Subject: CN=mqServermqtap.uyg.uat12, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Issuer:  CN=mqServermqtap.uyg.uat12, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
  Algorithm: RSA; Serial number: 0x5889994c
  Valid from Thu Jan 26 09:38:04 EET 2017 until Sun Jan 24 09:38:04 EET 2027

trigger seeding of SecureRandom
done seeding SecureRandom

Allow unsafe renegotiation: falseAllow legacy hello messages: XXXueIs initial handshake: XXXueIs secure renegotiation: false
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1573949056 bytes = { 248, 4, 131, 18, 179, 77, 58, 163, 213, 86, 162, 39, 153, 233, 66, 82, 68, 140, 162, 144, 245, 223, 148, 131, 41, 17, 182, 13 }
    Session ID:  {}
    Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA256]
    Compression Methods:  { 0 }
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
    Extension server_name, server_name: [type=host_name (0), value=mqkont1.XXX.com.XXX]
    Extension renegotiation_info, renegotiated_connection: <empty>
    ***
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 106
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Handshake, length = 1247
    *** ServerHello, TLSv1.2
    RandomCookie:  GMT: 710208142 bytes = { 152, 40, 119, 253, 151, 47, 206, 243, 81, 108, 25, 227, 196, 180, 235, 231, 180, 213, 136, 245, 68, 79, 87, 78, 71, 82, 68, 1 }
    Session ID:  {233, 220, 107, 227, 28, 86, 6, 240, 170, 113, 171, 164, 93, 132, 7, 120, 51, 79, 103, 215, 78, 157, 179, 176, 103, 14, 128, 68, 104, 28, 158, 75}
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection: <empty>
    ***
    %% Initialized:  [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA256]
    ** TLS_RSA_WITH_AES_128_CBC_SHA256
    *** Certificate chain
    chain [0] = [[  Version: V3  Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11  Key:  Sun RSA public key, 2048 bits  modulus: 16868959742511831543539228188322318728282173929458725924838613545208147879023122029920833782971719231363516671703224653599860963934312081835272320238812022534477095634694802627860269361713438182846321229058529392716608829685708314508449574441166109812419649123445875905638934406872091742574829759871314621197235350998579563031139677192512639546904745848670104988385994626620908449612658040233325854445643585926360496269974991459750688880211123355953429519072414353674373705386071983844550354941821794692371907044593903275788892906274112049209437573188855729556317970379842595602177784867998565702046085858658609856373  public exponent: 65537  Validity: [From: Thu Jan 26 09:27:31 EET 2017,               To: Sun Jan 24 09:27:31 EET 2027]  Issuer: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX  SerialNumber: [    588996d3]Certificate Extensions: 2[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7                            .b..@^..
    ]][2]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7                            .b..@^..
    ]]]  Algorithm: [SHA256withRSA]  Signature:0000: 27 23 9A F1 20 45 4E 98   2C A7 38 83 CE 99 7A 41  '#.. EN.,.8...zA
    0010: 0A 3A 57 02 E9 0F DE 73   73 01 07 B0 D8 19 C7 E2  .:W....ss.......
    0020: F2 2D 16 85 31 37 19 37   E4 2D B1 2C 4A F1 79 E4  .-..17.7.-.,J.y.
    0030: 09 99 E0 3A 47 B3 E2 4F   F4 EE 01 C3 D4 52 D4 94  ...:G..O.....R..
    0040: 38 49 09 59 3E 63 C1 44   48 B1 1F E3 B3 16 69 38  8I.Y>c.DH.....i8
    0050: E1 FA 5A 73 6F D1 F4 64   B3 0F 2E FD 49 72 87 F2  ..Zso..d....Ir..
    0060: 7E 59 76 87 C2 97 1C 8A   69 ED 92 52 D6 A4 3A 88  .Yv.....i..R..:.
    0070: 84 43 20 4B C7 4B C8 42   18 A0 E5 BF A6 C8 A7 32  .C K.K.B.......2
    0080: F2 E4 AA A3 F0 08 1F DF   F2 5E EE 1E 9F 84 4A CB  .........^....J.
    0090: 80 A8 9D 83 ED 6D 2A 5F   A2 C1 9E FC 89 D1 08 C0  .....m*_........
    00A0: 82 DA 4D D1 97 3B AB AB   1A 8B 35 D9 1C C0 DF B4  ..M..;....5.....
    00B0: 67 E3 39 A4 C8 73 2C F0   2A 70 2B 14 F7 F1 9C E8  g.9..s,.*p+.....
    00C0: 71 89 99 93 AB AE D6 4B   A0 46 1A 13 54 4E 6B 3B  q......K.F..TNk;
    00D0: E9 CE 97 92 4D 64 25 0C   D9 4F 3B A6 CC 78 36 C0  ....Md%..O;..x6.
    00E0: AE 75 0F A9 C1 3D D8 B2   AF 5F 68 9F FB EB 31 2F  .u...=..._h...1/
    00F0: 41 16 83 04 7B F2 0D 8E   07 47 47 8F 55 F7 33 29  A........GG.U.3)
    ]
    ***
    Found XXXusted certificate:
    [[  Version: V3  Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11  Key:  Sun RSA public key, 2048 bits  modulus: 16868959742511831543539228188322318728282173929458725924838613545208147879023122029920833782971719231363516671703224653599860963934312081835272320238812022534477095634694802627860269361713438182846321229058529392716608829685708314508449574441166109812419649123445875905638934406872091742574829759871314621197235350998579563031139677192512639546904745848670104988385994626620908449612658040233325854445643585926360496269974991459750688880211123355953429519072414353674373705386071983844550354941821794692371907044593903275788892906274112049209437573188855729556317970379842595602177784867998565702046085858658609856373  public exponent: 65537  Validity: [From: Thu Jan 26 09:27:31 EET 2017,               To: Sun Jan 24 09:27:31 EET 2027]  Issuer: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX  SerialNumber: [    588996d3]Certificate Extensions: 2[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7                            .b..@^..
    ]][2]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7                            .b..@^..
    ]]]  Algorithm: [SHA256withRSA]  Signature:0000: 27 23 9A F1 20 45 4E 98   2C A7 38 83 CE 99 7A 41  '#.. EN.,.8...zA
    0010: 0A 3A 57 02 E9 0F DE 73   73 01 07 B0 D8 19 C7 E2  .:W....ss.......
    0020: F2 2D 16 85 31 37 19 37   E4 2D B1 2C 4A F1 79 E4  .-..17.7.-.,J.y.
    0030: 09 99 E0 3A 47 B3 E2 4F   F4 EE 01 C3 D4 52 D4 94  ...:G..O.....R..
    0040: 38 49 09 59 3E 63 C1 44   48 B1 1F E3 B3 16 69 38  8I.Y>c.DH.....i8
    0050: E1 FA 5A 73 6F D1 F4 64   B3 0F 2E FD 49 72 87 F2  ..Zso..d....Ir..
    0060: 7E 59 76 87 C2 97 1C 8A   69 ED 92 52 D6 A4 3A 88  .Yv.....i..R..:.
    0070: 84 43 20 4B C7 4B C8 42   18 A0 E5 BF A6 C8 A7 32  .C K.K.B.......2
    0080: F2 E4 AA A3 F0 08 1F DF   F2 5E EE 1E 9F 84 4A CB  .........^....J.
    0090: 80 A8 9D 83 ED 6D 2A 5F   A2 C1 9E FC 89 D1 08 C0  .....m*_........
    00A0: 82 DA 4D D1 97 3B AB AB   1A 8B 35 D9 1C C0 DF B4  ..M..;....5.....
    00B0: 67 E3 39 A4 C8 73 2C F0   2A 70 2B 14 F7 F1 9C E8  g.9..s,.*p+.....
    00C0: 71 89 99 93 AB AE D6 4B   A0 46 1A 13 54 4E 6B 3B  q......K.F..TNk;
    00D0: E9 CE 97 92 4D 64 25 0C   D9 4F 3B A6 CC 78 36 C0  ....Md%..O;..x6.
    00E0: AE 75 0F A9 C1 3D D8 B2   AF 5F 68 9F FB EB 31 2F  .u...=..._h...1/
    00F0: 41 16 83 04 7B F2 0D 8E   07 47 47 8F 55 F7 33 29  A........GG.U.3)
    ]
    *** CertificateRequest
    Cert Types: RSA, DSS, ECDSA
    Supported Signature Algorithms: SHA512withRSA, SHA384withRSA, SHA256withRSA, Unknown (hash:0x3, signature:0x1), SHA1withRSA, SHA512withECDSA, SHA384withECDSA, SHA256withECDSA, Unknown (hash:0x3, signature:0x3), SHA1withECDSA, SHA1withDSA
    Cert Authorities:
    <CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX>
    <CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX>
    *** ServerHelloDone
    Warning: no suitable certificate found - continuing without client authentication
    *** Certificate chain
    <Empty>
    ***
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 269
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 03 B7 63 CA 3F 6F F4   A3 C8 68 5F 4E D4 84 9A  ...c.?o...h_N...
    0010: 17 03 40 12 66 C2 C3 D0   67 EE 64 54 50 5D AF ED  ..@.f...g.dTP]..
    0020: CD 8E 45 A9 6F CF 91 E1   60 6A 63 0D 9B CB AF D7  ..E.o...`jc.....
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 5E D1 8F 80 F8 04 83 12   B3 4D 3A A3 D5 56 A2 27  ^........M:..V.'
    0010: 99 E9 42 52 44 8C A2 90   F5 DF 94 83 29 11 B6 0D  ..BRD.......)...
    Server Nonce:
    0000: 2A 55 EB 8E 98 28 77 FD   97 2F CE F3 51 6C 19 E3  *U...(w../..Ql..
    0010: C4 B4 EB E7 B4 D5 88 F5   44 4F 57 4E 47 52 44 01  ........DOWNGRD.
    Master Secret:
    0000: D9 0B 10 DB B5 9A 64 0C   56 2E 70 89 93 E4 52 6A  ......d.V.p...Rj
    0010: F7 C2 A9 9F 0D 6E 47 82   84 A0 6F D9 58 C0 E8 FF  .....nG...o.X...
    0020: E1 BB 6D 74 76 B0 D6 E5   83 FA 6F 89 D2 C1 BC 06  ..mtv.....o.....
    Client MAC write Secret:
    0000: 2E C0 A1 1A 6B 63 40 13   C9 2F 96 29 29 6B 46 3C  ....kc@../.))kF<
    0010: 61 48 69 06 66 9A 20 45   3C F4 63 BB 80 AE 95 84  aHi.f. E<.c.....
    Server MAC write Secret:
    0000: 64 5D 2F F0 C3 76 E7 53   61 0A D6 9A 23 80 7E 29  d]/..v.Sa...#..)
    0010: C9 15 CC 4A 1A 6A 0C F8   5D A6 2F C3 CE F8 04 88  ...J.j..]./.....
    Client write key:
    0000: A1 3C 3A F9 81 3E 4A F4   D5 30 EB 7C FB 10 AF 1B  .<:..>J..0......
    Server write key:
    0000: 0F 0C 65 F8 C5 6B C1 8B   C4 51 36 35 2E 9F ED D6  ..e..k...Q65....
    ... no IV derived for this protocol
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
    *** Finished
    verify_data:  { 101, 32, 15, 187, 98, 153, 21, 159, 88, 122, 119, 59 }
    ***
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 80
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Change Cipher Spec, length = 1
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Handshake, length = 80
    *** Finished
    verify_data:  { 80, 170, 1, 54, 80, 55, 237, 31, 125, 189, 221, 180 }
    ***
    %% Cached client session: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA256]
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Application Data, length = 288
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, setSoTimeout(5000) called
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Application Data, length = 96
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, setSoTimeout(0) called
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called close()
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called closeInternal(XXXue)
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, SEND TLSv1.2 ALERT:  warning, description = close_notify
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Alert, length = 64
    jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called closeSocket(XXXue)
    01:41:04,148 WARN  [org.jboss.jca.core.connectionmanager.pool.sXXXategy.OnePool

【问题讨论】:

标签: java ssl ibm-mq


【解决方案1】:

您在发送方运行的软件版本非常旧,MQ 7.1 在三年前(2017 年 4 月 30 日)停止支持。据我了解,IBM 将有偿提供额外三年的延长支持,因此似乎这种支持途径已经结束。 7.1.0.7 维护版本本身于 2015 年 11 月 15 日发布,因此此时已超过 4.5 年。我强烈建议您改用较新的版本。

请注意,MQ v8.0 于 2020 年 4 月 30 日停止支持,IBM 宣布 MQ v9.0 于 2021 年 9 月 30 日停止支持。当您进行迁移时,您应该选择未宣布终止支持的 9.1 (他们给出的最低期限为 5 年,因此可能是 2023 年),或者选择应该在今年晚些时候发布的下一个 MQ 版本。


您在问题和 cmets 中有两个问题。

  1. 您使用的是非 IBM Java,因此您传递的密码套件不正确,我建议您执行以下操作:

    • 添加java系统属性com.ibm.mq.cfg.useIBMCipherMappings=false
    • 将密码套件指定为TLS_RSA_WITH_AES_128_CBC_SHA256
  2. 一旦上述问题得到纠正,您就会开始遇到新错误。根据您所做的故障排除和 ssl 调试日志,我注意到您使用的 MQ 版本不包含 APAR IT10837: WEBSPHERE MQ CHANNEL START FAILS WITH AMQ9637 WHEN USING A TLS 1.2 CIPHER RUNNING IN AN ORACLE JRE

PROBLEM DESCRIPTION:

The Oracle JVM did not create a default internal key manager
object for TLS socket connections, meaning that the client's
signed personal certificates were not available for client
authentication during the handshake, causing the connection
attempt to fail.

Problem conclusion

An internal key manager object is now created for Oracle TLS
connections, so the client's signed personal certificates are
available during the handshake and the connection attempt
succeeds.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v7.1       7.1.0.8
v7.5       7.5.0.7
v8.0       8.0.0.5

因为这个 MQ 没有找到你的 keyStore 和 trustStore。


推荐的解决方案是升级到受支持的 IBM MQ 版本。您可以通过以下链接使用 Maven 获取当前的 IBM MQ v9.1.0.5 LTS 支持客户端:

MVN REPOSITORY » com.ibm.mq com.ibm.mq.allclient

【讨论】:

    【解决方案2】:

    获得 IBM MQ Client jar 后,我从 Oracle JRE 成功连接到 IBM MQ https://mvnrepository.com/artifact/com.ibm.mq/wmq.jmsra/9.1.5.0

    【讨论】:

    • 您应该将以上内容作为对我的答案的评论,这并不适合作为答案,因为这正是我的建议。另请注意,9.1.5 是持续交付发布流,它将很快发送,这将是下一个长期支持版本(例如:9.1)的基础。除非您使用的是 9.1.x CDS 版本中添加的功能,否则更稳定的版本将是 9.1.0.5,正如我在回答中提到的那样。此外,如果您喜欢我的回答和我提供的帮助,还请点击绿色复选标记上方的向上箭头来支持我的回答。
    猜你喜欢
    • 1970-01-01
    • 2015-04-19
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2015-06-17
    • 2022-07-18
    • 1970-01-01
    相关资源
    最近更新 更多