I'm trying to connect to MQ queue manager which uses 1 way SSL using Java client. Even after following all the steps mentioned in various blogs, I am still getting MQJE001: Completion Code '2', Reason '2400' error.
Please find the java code we are using:
CodePudding user response:
Copying and pasting steps without understanding what they're doing isn't the best way to proceed. The same applies to pasting code as image here.
As per 2400 (0960) (RC2400) error description:
A connection to a queue manager was requested, specifying SSL encryption. However, JSSE reported that it does not support the CipherSuite specified by the application.
Check the CipherSuite specified by the application. Note that the names of JSSE CipherSuites differ from their equivalent CipherSpecs used by the queue manager.
Also, check that JSSE is correctly installed.
So you're trying to use cipher suite which might be supported by MQ but it's not supported by your local Java installation. You could try using Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files or obtaining the JDK from your MQ machine which should have the this ECDHE_RSA_AES_256_CBC_SHA384 cipher suite installed.
More information:
CodePudding user response:
IBM MQ error 2400 means UNSUPPORTED_CIPHER_SUITE.
Depending on the JDK vendor (IBM/Oracle), you can enable CipherSuite mapping with Java system property com.ibm.mq.cfg.useIBMCipherMappings. Based on your screenshot you want to use ECDHE_RSA_AES_256_CBC_SHA384. If you use the Oracle JDK, you have to do this in Java:
System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
...
MQEnvironment.sslCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
If you are using MQ 9.2, you can also simply configure cipher suite *TLS12ORHIGHER.