Java.security.NoSuch算法异常:SSL_TLSv2 SSLContext不可用
从JBoss使用JRE 1.8(jdk1.8.0_101)上的SSL连接IBM MQ时遇到问题
我在下面一行中对java.Security进行了注释,但没有任何变化:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
Caused by: com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'xxxxx' with connection mode 'Client' and host name 'xxxx'.Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:580)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:216)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:431)
at com.ibm.msg.client.wmq.internal.WMQXAConnection.<init>(WMQXAConnection.java:70)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createV7ProviderConnection(WMQXAConnectionFactory.java:190)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6157)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createProviderXAConnection(WMQXAConnectionFactory.java:102)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createXAConnectionInternal(JmsConnectionFactoryImpl.java:364)
at com.ibm.mq.jms.MQXAConnectionFactory.createXAConnection(MQXAConnectionFactory.java:124)
at com.ibm.mq.connector.ConnectionBuilder.createConnection(ConnectionBuilder.java:167)
... 22 more **Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2393' ('MQRC_SSL_INITIALIZATION_ERROR')**.
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
... 30 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9204: Connection to host 'xxxxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2393],3=xxxxx(1428),5=RemoteTCPConnection.buildTLSV1_2SocketFactory]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:350)
... 29 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.buildTLSV1_2SocketFactory(RemoteTCPConnection.java:2480)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.chooseSocketFactory(RemoteTCPConnection.java:2130)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:1945)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.connnectUsingLocalAddress(RemoteTCPConnection.java:855)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.protocolConnect(RemoteTCPConnection.java:1262)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:714)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:356)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:265)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:144)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709)
... 31 more **Caused by: java.security.NoSuchAlgorithmException: SSL_TLSv2 SSLContext not available**
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) [rt.jar:1.8.0_101]
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) [rt.jar:1.8.0_101]
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.buildTLSV1_2SocketFactory(RemoteTCPConnection.java:2461)
... 40 more
已更新:以下更改后,出现如下新错误: TLS_RSA_WITH_AES_128_CBC_SHA256 已添加JVM参数:-Dcom.ibm.mq.cfg.useIBMCipherMappings=FALSE
Caused by: com.ibm.msg.client.jms.DetailedIllegalStateException: JMSWMQ0018: Failed to connect to queue manager 'mqtap.uyg.uat11' with connection mode 'Client' and host name 'xxx'. Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:474)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:216)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:431)
at com.ibm.msg.client.wmq.internal.WMQXAConnection.<init>(WMQXAConnection.java:70)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createV7ProviderConnection(WMQXAConnectionFactory.java:190)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:6157)
at com.ibm.msg.client.wmq.factories.WMQXAConnectionFactory.createProviderXAConnection(WMQXAConnectionFactory.java:102)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createXAConnectionInternal(JmsConnectionFactoryImpl.java:364)
at com.ibm.mq.jms.MQXAConnectionFactory.createXAConnection(MQXAConnectionFactory.java:124)
at com.ibm.mq.connector.ConnectionBuilder.createConnection(ConnectionBuilder.java:167)
... 22 more Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2059' ('MQRC_Q_MGR_NOT_AVAILABLE').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
... 30 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9204: Connection to host 'xxx' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=xxx]],3=xxx,5=RemoteConnection.analyseErrorSegment]
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:2098)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1347)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:350)
... 29 more Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9503: Channel negotiation failed. [3=xxx]
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.analyseErrorSegment(RemoteConnection.java:3850)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.receiveTSH(RemoteConnection.java:2749)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.initSess(RemoteConnection.java:1024)
at com.ibm.mq.jmqi.remote.impl.RemoteConnection.connect(RemoteConnection.java:717)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSessionFromNewConnection(RemoteConnectionSpecification.java:356)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionSpecification.getSession(RemoteConnectionSpecification.java:265)
at com.ibm.mq.jmqi.remote.impl.RemoteConnectionPool.getSession(RemoteConnectionPool.java:144)
at com.ibm.mq.jmqi.remote.api.RemoteFAP.jmqiConnect(RemoteFAP.java:1709)
... 31 more
更新了javax.net.debug=ssl:
的输出trustStore is: C:deveclipseworkspaceXXXsrcmainapplicationconfigXXXkeystore.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
Issuer: CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
Algorithm: RSA; Serial number: 0x5889a408
Valid from Thu Jan 26 10:23:52 EET 2017 until Sun Jan 24 10:23:52 EET 2027
adding as trusted cert:
Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
Issuer: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
Algorithm: RSA; Serial number: 0x588996d3
Valid from Thu Jan 26 09:27:31 EET 2017 until Sun Jan 24 09:27:31 EET 2027
adding as trusted cert:
Subject: CN=mqServermqtap.uyg.uat12, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
Issuer: CN=mqServermqtap.uyg.uat12, OU=XXX BT, O=XXX TAS, L=XXX, C=TR
Algorithm: RSA; Serial number: 0x5889994c
Valid from Thu Jan 26 09:38:04 EET 2017 until Sun Jan 24 09:38:04 EET 2027
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: falseAllow legacy hello messages: XXXueIs initial handshake: XXXueIs secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1573949056 bytes = { 248, 4, 131, 18, 179, 77, 58, 163, 213, 86, 162, 39, 153, 233, 66, 82, 68, 140, 162, 144, 245, 223, 148, 131, 41, 17, 182, 13 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA256]
Compression Methods: { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=mqkont1.XXX.com.XXX]
Extension renegotiation_info, renegotiated_connection: <empty>
***
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 106
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Handshake, length = 1247
*** ServerHello, TLSv1.2
RandomCookie: GMT: 710208142 bytes = { 152, 40, 119, 253, 151, 47, 206, 243, 81, 108, 25, 227, 196, 180, 235, 231, 180, 213, 136, 245, 68, 79, 87, 78, 71, 82, 68, 1 }
Session ID: {233, 220, 107, 227, 28, 86, 6, 240, 170, 113, 171, 164, 93, 132, 7, 120, 51, 79, 103, 215, 78, 157, 179, 176, 103, 14, 128, 68, 104, 28, 158, 75}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA256]
** TLS_RSA_WITH_AES_128_CBC_SHA256
*** Certificate chain
chain [0] = [[ Version: V3 Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16868959742511831543539228188322318728282173929458725924838613545208147879023122029920833782971719231363516671703224653599860963934312081835272320238812022534477095634694802627860269361713438182846321229058529392716608829685708314508449574441166109812419649123445875905638934406872091742574829759871314621197235350998579563031139677192512639546904745848670104988385994626620908449612658040233325854445643585926360496269974991459750688880211123355953429519072414353674373705386071983844550354941821794692371907044593903275788892906274112049209437573188855729556317970379842595602177784867998565702046085858658609856373 public exponent: 65537 Validity: [From: Thu Jan 26 09:27:31 EET 2017, To: Sun Jan 24 09:27:31 EET 2027] Issuer: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX SerialNumber: [ 588996d3]Certificate Extensions: 2[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7 .b..@^..
]][2]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7 .b..@^..
]]] Algorithm: [SHA256withRSA] Signature:0000: 27 23 9A F1 20 45 4E 98 2C A7 38 83 CE 99 7A 41 '#.. EN.,.8...zA
0010: 0A 3A 57 02 E9 0F DE 73 73 01 07 B0 D8 19 C7 E2 .:W....ss.......
0020: F2 2D 16 85 31 37 19 37 E4 2D B1 2C 4A F1 79 E4 .-..17.7.-.,J.y.
0030: 09 99 E0 3A 47 B3 E2 4F F4 EE 01 C3 D4 52 D4 94 ...:G..O.....R..
0040: 38 49 09 59 3E 63 C1 44 48 B1 1F E3 B3 16 69 38 8I.Y>c.DH.....i8
0050: E1 FA 5A 73 6F D1 F4 64 B3 0F 2E FD 49 72 87 F2 ..Zso..d....Ir..
0060: 7E 59 76 87 C2 97 1C 8A 69 ED 92 52 D6 A4 3A 88 .Yv.....i..R..:.
0070: 84 43 20 4B C7 4B C8 42 18 A0 E5 BF A6 C8 A7 32 .C K.K.B.......2
0080: F2 E4 AA A3 F0 08 1F DF F2 5E EE 1E 9F 84 4A CB .........^....J.
0090: 80 A8 9D 83 ED 6D 2A 5F A2 C1 9E FC 89 D1 08 C0 .....m*_........
00A0: 82 DA 4D D1 97 3B AB AB 1A 8B 35 D9 1C C0 DF B4 ..M..;....5.....
00B0: 67 E3 39 A4 C8 73 2C F0 2A 70 2B 14 F7 F1 9C E8 g.9..s,.*p+.....
00C0: 71 89 99 93 AB AE D6 4B A0 46 1A 13 54 4E 6B 3B q......K.F..TNk;
00D0: E9 CE 97 92 4D 64 25 0C D9 4F 3B A6 CC 78 36 C0 ....Md%..O;..x6.
00E0: AE 75 0F A9 C1 3D D8 B2 AF 5F 68 9F FB EB 31 2F .u...=..._h...1/
00F0: 41 16 83 04 7B F2 0D 8E 07 47 47 8F 55 F7 33 29 A........GG.U.3)
]
***
Found XXXusted certificate:
[[ Version: V3 Subject: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16868959742511831543539228188322318728282173929458725924838613545208147879023122029920833782971719231363516671703224653599860963934312081835272320238812022534477095634694802627860269361713438182846321229058529392716608829685708314508449574441166109812419649123445875905638934406872091742574829759871314621197235350998579563031139677192512639546904745848670104988385994626620908449612658040233325854445643585926360496269974991459750688880211123355953429519072414353674373705386071983844550354941821794692371907044593903275788892906274112049209437573188855729556317970379842595602177784867998565702046085858658609856373 public exponent: 65537 Validity: [From: Thu Jan 26 09:27:31 EET 2017, To: Sun Jan 24 09:27:31 EET 2027] Issuer: CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX SerialNumber: [ 588996d3]Certificate Extensions: 2[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7 .b..@^..
]][2]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 04 62 9C B2 40 5E E0 C7 .b..@^..
]]] Algorithm: [SHA256withRSA] Signature:0000: 27 23 9A F1 20 45 4E 98 2C A7 38 83 CE 99 7A 41 '#.. EN.,.8...zA
0010: 0A 3A 57 02 E9 0F DE 73 73 01 07 B0 D8 19 C7 E2 .:W....ss.......
0020: F2 2D 16 85 31 37 19 37 E4 2D B1 2C 4A F1 79 E4 .-..17.7.-.,J.y.
0030: 09 99 E0 3A 47 B3 E2 4F F4 EE 01 C3 D4 52 D4 94 ...:G..O.....R..
0040: 38 49 09 59 3E 63 C1 44 48 B1 1F E3 B3 16 69 38 8I.Y>c.DH.....i8
0050: E1 FA 5A 73 6F D1 F4 64 B3 0F 2E FD 49 72 87 F2 ..Zso..d....Ir..
0060: 7E 59 76 87 C2 97 1C 8A 69 ED 92 52 D6 A4 3A 88 .Yv.....i..R..:.
0070: 84 43 20 4B C7 4B C8 42 18 A0 E5 BF A6 C8 A7 32 .C K.K.B.......2
0080: F2 E4 AA A3 F0 08 1F DF F2 5E EE 1E 9F 84 4A CB .........^....J.
0090: 80 A8 9D 83 ED 6D 2A 5F A2 C1 9E FC 89 D1 08 C0 .....m*_........
00A0: 82 DA 4D D1 97 3B AB AB 1A 8B 35 D9 1C C0 DF B4 ..M..;....5.....
00B0: 67 E3 39 A4 C8 73 2C F0 2A 70 2B 14 F7 F1 9C E8 g.9..s,.*p+.....
00C0: 71 89 99 93 AB AE D6 4B A0 46 1A 13 54 4E 6B 3B q......K.F..TNk;
00D0: E9 CE 97 92 4D 64 25 0C D9 4F 3B A6 CC 78 36 C0 ....Md%..O;..x6.
00E0: AE 75 0F A9 C1 3D D8 B2 AF 5F 68 9F FB EB 31 2F .u...=..._h...1/
00F0: 41 16 83 04 7B F2 0D 8E 07 47 47 8F 55 F7 33 29 A........GG.U.3)
]
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, SHA384withRSA, SHA256withRSA, Unknown (hash:0x3, signature:0x1), SHA1withRSA, SHA512withECDSA, SHA384withECDSA, SHA256withECDSA, Unknown (hash:0x3, signature:0x3), SHA1withECDSA, SHA1withDSA
Cert Authorities:
<CN=mqClientmqtap.uyg.uat, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX>
<CN=mqServermqtap.uyg.uat11, OU=XXX BT, O=XXX TAS, L=XXX, C=XXX>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 269
SESSION KEYGEN:
PreMaster Secret:
0000: 03 03 B7 63 CA 3F 6F F4 A3 C8 68 5F 4E D4 84 9A ...c.?o...h_N...
0010: 17 03 40 12 66 C2 C3 D0 67 EE 64 54 50 5D AF ED ..@.f...g.dTP]..
0020: CD 8E 45 A9 6F CF 91 E1 60 6A 63 0D 9B CB AF D7 ..E.o...`jc.....
CONNECTION KEYGEN:
Client Nonce:
0000: 5E D1 8F 80 F8 04 83 12 B3 4D 3A A3 D5 56 A2 27 ^........M:..V.'
0010: 99 E9 42 52 44 8C A2 90 F5 DF 94 83 29 11 B6 0D ..BRD.......)...
Server Nonce:
0000: 2A 55 EB 8E 98 28 77 FD 97 2F CE F3 51 6C 19 E3 *U...(w../..Ql..
0010: C4 B4 EB E7 B4 D5 88 F5 44 4F 57 4E 47 52 44 01 ........DOWNGRD.
Master Secret:
0000: D9 0B 10 DB B5 9A 64 0C 56 2E 70 89 93 E4 52 6A ......d.V.p...Rj
0010: F7 C2 A9 9F 0D 6E 47 82 84 A0 6F D9 58 C0 E8 FF .....nG...o.X...
0020: E1 BB 6D 74 76 B0 D6 E5 83 FA 6F 89 D2 C1 BC 06 ..mtv.....o.....
Client MAC write Secret:
0000: 2E C0 A1 1A 6B 63 40 13 C9 2F 96 29 29 6B 46 3C ....kc@../.))kF<
0010: 61 48 69 06 66 9A 20 45 3C F4 63 BB 80 AE 95 84 aHi.f. E<.c.....
Server MAC write Secret:
0000: 64 5D 2F F0 C3 76 E7 53 61 0A D6 9A 23 80 7E 29 d]/..v.Sa...#..)
0010: C9 15 CC 4A 1A 6A 0C F8 5D A6 2F C3 CE F8 04 88 ...J.j..]./.....
Client write key:
0000: A1 3C 3A F9 81 3E 4A F4 D5 30 EB 7C FB 10 AF 1B .<:..>J..0......
Server write key:
0000: 0F 0C 65 F8 C5 6B C1 8B C4 51 36 35 2E 9F ED D6 ..e..k...Q65....
... no IV derived for this protocol
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 101, 32, 15, 187, 98, 153, 21, 159, 88, 122, 119, 59 }
***
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Handshake, length = 80
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Change Cipher Spec, length = 1
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Handshake, length = 80
*** Finished
verify_data: { 80, 170, 1, 54, 80, 55, 237, 31, 125, 189, 221, 180 }
***
%% Cached client session: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA256]
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Application Data, length = 288
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, setSoTimeout(5000) called
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, READ: TLSv1.2 Application Data, length = 96
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, setSoTimeout(0) called
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called close()
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called closeInternal(XXXue)
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, SEND TLSv1.2 ALERT: warning, description = close_notify
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, WRITE: TLSv1.2 Alert, length = 64
jmsContainerBean_DEVOPS_DEVOPS_CONSUME_MESSAGE-1, called closeSocket(XXXue)
01:41:04,148 WARN [org.jboss.jca.core.connectionmanager.pool.sXXXategy.OnePool
解决方案
您在发送方运行的是一个非常旧的软件版本,MQ 7.1已在三年多前(2017年4月30日)不再受支持。据我所知,IBM将提供额外三年的延长支持,因此,即使是这种支持途径似乎也已经结束了。7.1.0.7维护版本本身是在2015年11月15日发布的,所以到目前为止它已经有4.5年的历史了。我强烈建议您升级到较新的版本。
请注意,MQ v8.0于2020年4月30日停止支持,IBM宣布MQ v9.0于2021年9月30日停止支持。当您进行迁移时,您应该选择没有宣布终止支持的9.1(他们至少提供五年的支持,因此可能是2023年),或者选择应该在今年晚些时候发布的下一个版本的MQ。
您在问题和评论中详细说明了两个问题。
您正在使用非IBM Java,因此您传递的密码套件不正确,我建议您执行以下操作:
- 添加Java系统属性
com.ibm.mq.cfg.useIBMCipherMappings=false
- 将密码套件指定为
TLS_RSA_WITH_AES_128_CBC_SHA256
- 添加Java系统属性
更正上述错误后,您会开始收到新的错误。根据您所做的故障排除和SSL调试日志,我注意到您使用的MQ版本不包含APARIT10837: WEBSPHERE MQ CHANNEL START FAILS WITH AMQ9637 WHEN USING A TLS 1.2 CIPHER RUNNING IN AN ORACLE JRE
PROBLEM DESCRIPTION: The Oracle JVM did not create a default internal key manager object for TLS socket connections, meaning that the client's signed personal certificates were not available for client authentication during the handshake, causing the connection attempt to fail. Problem conclusion An internal key manager object is now created for Oracle TLS connections, so the client's signed personal certificates are available during the handshake and the connection attempt succeeds. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v7.1 7.1.0.8 v7.5 7.5.0.7 v8.0 8.0.0.5
因此,MQ找不到您的密钥库和信任库。
推荐的解决方案是升级到受支持的IBM MQ版本。您可以使用Maven从以下链接获取最新的IBM MQ v9.1.0.5 LTS支持客户端:
MVN REPOSITORY » com.ibm.mq com.ibm.mq.allclient
相关文章